Microsoft KB Archive/172509

= Explorer Erroneously Generates Event 560 - Write Failures =

Article ID: 172509

Article Last Modified on 10/31/2006

-

APPLIES TO


 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 4.0 Standard Edition

-



This article was previously published under Q172509



SYMPTOMS
When you use Explorer to view directories and files, a Security Audit Failure Event 560 may be generated. A typical Security Event might be:

  8/5/97   8:11:45 PM  Security Failure Audit Object Access 560   Object Open: Object Server: Security Object Type:  File Object Name:   New Handle ID: - Operation ID: {0,195446} Process ID: 2156888096 Primary User Name:   Primary Domain:   Primary Logon ID: (0x0,0x2EA46) Client User Name: - Client Domain: - Client Logon ID: - Accesses   SYNCHRONIZE ReadAttributes WriteAttributes



CAUSE
The local user having only Read and Execute (RX) Permissions may cause this when the files are being audited for Write failures.



WORKAROUND
To work around this problem:
 * Use File Manager instead of Explorer and these errors will not be generated.


 * Do not audit write failures on files that only have Read and Execute access.



STATUS
Microsoft has confirmed this to be a problem in Windows NT version 4.0 We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.

Additional query words: winnt prodnt explore exploring open view winfile lock Secevent viewer detail NtfsDisableLastAccessUpdate

Keywords: KB172509

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.