Explorer Erroneously Generates Event 560 - Write Failures

Last reviewed: September 30, 1997
Article ID: Q172509
The information in this article applies to:

- Microsoft Windows NT Workstation version 4.0 - Microsoft Windows NT Server version 4.0

SYMPTOMS

When you use Explorer to view directories and files, a Security Audit Failure Event 560 may be generated. A typical Security Event might be:

   8/5/97   8:11:45 PM  Security Failure Audit
   Object Access  560
   <USERNAME>
   <MACHINE NAME>
   Object Open:
      Object Server: Security
      Object Type:   File
      Object Name:   <FILE PATH\NAME>
      New Handle ID: -
      Operation ID:  {0,195446}
      Process ID: 2156888096
      Primary User Name:   <USERNAME>
      Primary Domain:   <DOMAIN NAME>
      Primary Logon ID: (0x0,0x2EA46)
      Client User Name: -
      Client Domain: -
      Client Logon ID:  -
      Accesses    SYNCHRONIZE
         ReadAttributes
         WriteAttributes

CAUSE

The local user having only Read and Execute (RX) Permissions may cause this when the files are being audited for Write failures.

WORK AROUNDS

To work around this problem:

  • Use File Manager instead of Explorer and these errors will not be generated.
  • Do not audit write failures on files that only have Read and Execute access.

STATUS

Microsoft has confirmed this to be a problem in Windows NT version 4.0 We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.


Additional query words: winnt prodnt explore exploring open view
winfile lock Secevent viewer detail NtfsDisableLastAccessUpdate
Keywords : kbbug4.00 nt32ap ntdomain ntfilesys ntsecurity NTSrvWkst
Version : WinNT:4.0
Platform : winnt
Hardware : x86


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: September 30, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.