Event ID 561 – Handle Allocated
|Description||A handle has been allocated.|
Event ID 561 is logged when a handle to an object has been allocated and opened. This event is generated only when the handle that caused the generation of an audit is opened.
This log data provides the following information:
- Handle ID
- Operation ID
- Process ID
Why does event ID 561 need to be monitored?
- To track the allocation of handles to different users
- To prevent privilege abuse
- To detect abnormal and potentially malicious activity
- To ensure compliance with regulatory mandates
ADAudit Plus provides real-time pre-configured reports and auditing of the changes along with alerts within a Domain & OU. The advanced Group Policy settings real-time audit reports provide detailed information about object related events.
Event 561 applies to the operating system Windows Server 2000.