Registrations are now open. Join us today!
There is still a lot of work to do on the wiki yet! More information about editing can be found here.
Already have an account?

Microsoft KB Archive/172509

From BetaArchive Wiki
Knowledge Base

Explorer Erroneously Generates Event 560 - Write Failures

Article ID: 172509

Article Last Modified on 10/31/2006


  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 4.0 Standard Edition

This article was previously published under Q172509


When you use Explorer to view directories and files, a Security Audit Failure Event 560 may be generated. A typical Security Event might be:

   8/5/97   8:11:45 PM  Security Failure Audit
   Object Access  560
   Object Open:
      Object Server: Security
      Object Type:   File
      Object Name:   <FILE PATH\NAME>
      New Handle ID: -
      Operation ID:  {0,195446}
      Process ID: 2156888096
      Primary User Name:   <USERNAME>
      Primary Domain:   <DOMAIN NAME>
      Primary Logon ID: (0x0,0x2EA46)
      Client User Name: -
      Client Domain: -
      Client Logon ID:  -
      Accesses    SYNCHRONIZE


The local user having only Read and Execute (RX) Permissions may cause this when the files are being audited for Write failures.


To work around this problem:

  • Use File Manager instead of Explorer and these errors will not be generated.

  • Do not audit write failures on files that only have Read and Execute access.


Microsoft has confirmed this to be a problem in Windows NT version 4.0 We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.

Additional query words: winnt prodnt explore exploring open view winfile lock Secevent viewer detail NtfsDisableLastAccessUpdate

Keywords: KB172509