Event ID 4661: A handle to an object was requested.
|Description||The event is generated when a SAM object is opened.|
The event logs the following information:
|Access request information||
When the object is closed you get event ID 4658 with the same handle ID.
Corresponding event in 2003 and earlier versions: Event 565
ADAudit Plus helps in tracking deletion of directory service objects, besides security principals, such as OU, GPO, container, contact, DNS node, etc.
Event 4661 applies to the following operating systems:
- Windows Server 2008 R2 and 7
- Windows Server 2012 R2 and 8.1
- Windows Server 2016 and 10