
Interpreting Event Log Handle ID


  • Interpreting Event Log Handle ID

    Hi all

    I am currently reading up on event logs on Windows products.

    I know what event IDs are and I know what handle IDs are, but the thing I don't know is the following:

    Is there any chance to read out which files have been accessed, especially within the object access security logs?

    I know that some events show an Object Name, which is only the name of the folder that has been accessed. And even this doesn't always happen.
    But is it possible to query the system, using the handle ID, for which file has been accessed? I can imagine that this needs to be done in real time, depending on how the kernel works with handle IDs.
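    The following is an added example, not something posted in this thread, showing the defender-side approach to the question above: rather than asking the kernel about a handle ID after the fact, correlate the Security log's object access events by Handle ID and Process ID. In real Windows auditing, event 4656 (handle requested) and 4663 (access attempted) carry the Object Name, while 4658 (handle closed) carries only the Handle ID and Process ID, so the name for a close event has to come from the earlier open. The records below are constructed sample data that mimic those fields; the file paths and hex IDs are invented.

```python
"""Correlate Windows Security object-access events by Handle ID.

Added example, not code from the forum thread. The records below are
constructed to mimic the fields of real events 4656 (handle requested,
carries Object Name), 4663 (access attempted, carries Object Name) and
4658 (handle closed, carries only Handle ID and Process ID).
"""

# Constructed sample records, in the order they were logged.
SAMPLE_EVENTS = [
    {"EventID": 4656, "ProcessId": "0x1a4", "HandleId": "0x3c8",
     "ObjectName": r"C:\Finance\payroll.xlsx", "Accesses": "ReadData"},
    {"EventID": 4663, "ProcessId": "0x1a4", "HandleId": "0x3c8",
     "ObjectName": r"C:\Finance\payroll.xlsx", "Accesses": "ReadData"},
    {"EventID": 4658, "ProcessId": "0x1a4", "HandleId": "0x3c8"},
    # The same handle value is reused by the same process for another file,
    # which is why a mapping must be dropped once the handle is closed.
    {"EventID": 4656, "ProcessId": "0x1a4", "HandleId": "0x3c8",
     "ObjectName": r"C:\Finance\budget.docx", "Accesses": "WriteData"},
    {"EventID": 4658, "ProcessId": "0x1a4", "HandleId": "0x3c8"},
    # A close whose open was never logged (e.g. an audit policy/SACL gap).
    {"EventID": 4658, "ProcessId": "0x2b0", "HandleId": "0x7f0"},
]


def correlate(events):
    """Return (EventID, ProcessId, HandleId, ObjectName) tuples.

    4656/4663 records supply the object name directly and register the
    (ProcessId, HandleId) pair as open.  A 4658 record consumes the
    registration, so the name is attached to the close and a later reuse
    of the same handle value is not mis-attributed to the old file.
    """
    open_handles = {}
    resolved = []
    for ev in events:
        key = (ev["ProcessId"], ev["HandleId"])
        eid = ev["EventID"]
        if eid in (4656, 4663):
            open_handles[key] = ev["ObjectName"]
            resolved.append((eid, key[0], key[1], ev["ObjectName"]))
        elif eid == 4658:
            # None marks a close with no matching open in the log.
            name = open_handles.pop(key, None)
            resolved.append((eid, key[0], key[1], name))
    return resolved


def unresolved_closes(resolved):
    """Closes that could not be tied to a file; these point at audit gaps."""
    return [r for r in resolved if r[0] == 4658 and r[3] is None]


def accessed_files(resolved):
    """Distinct file names seen in the correlated records, in log order."""
    seen = []
    for _, _, _, name in resolved:
        if name is not None and name not in seen:
            seen.append(name)
    return seen


if __name__ == "__main__":
    rows = correlate(SAMPLE_EVENTS)
    for eid, pid, hid, name in rows:
        print(f"{eid}  pid={pid:<6} handle={hid:<6} {name or '<unknown>'}")
    print("files accessed:", accessed_files(rows))
    print("unresolved closes:", unresolved_closes(rows))
```

    The same approach works on live data exported from the Security log (for example with Get-WinEvent and the event XML), as long as the records are processed in time order and the key includes the Process ID, since handle values are only unique within a process while the handle is open.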


  • #2
    Re: Interpreting Event Log Handle ID

    So what are you asking here? You wish to audit file access in eventvwr?

    Does this fit the bill?:


    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.


    • #3
      Re: Interpreting Event Log Handle ID

      Thanks, this will do it.