Take ownership attempts based on object access events

I am getting tons of these:

A handle to an object was requested.

Subject:

      Security ID:            S-1-5-18

      Account Name:            DC01$ (domain controler name)

      Account Domain:            XXXXX (domain name)

      Logon ID:            

Object:

      Object Server:            Security

      Object Type:            Key

      Object Name:            \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SamSs

      Handle ID:            1260

Process Information:

      Process ID:            2696

      Process Name:            C:\Windows\System32\CpqMgmt\cqmghost\cqmghost.exe

Access Request Information:

      Transaction ID:            00000000-0000-0000-0000-000000000000

      Accesses:            DELETE

                  READ_CONTROL

                  WRITE_DAC

                  WRITE_OWNER

                  Query key value

                  Set key value

                  Create sub-key

                  Enumerate sub-keys

                  Notify about changes to keys

                  Create Link

                  

      Access Mask:            

      Privileges Used for Access Check:      -

      Restricted SID Count:      0



nourbenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ady FootSharePoint ConsultantCommented:
Hi there,

This is nothing to worry about - it is simply saying that permissions were checked.  You obviously have this level of detailed auditing enabled through Group Policy.  For more information about the particular event please see http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4656 or http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4661 (you don't give me the exact event ID).

Regards,

Ady
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.