Event ID: 4690

An attempt was made to duplicate a handle to an object

An attempt was made to duplicate a handle to an object.

Subject:
    Security ID:        %1
    Account Name:       %2
    Account Domain:     %3
    Logon ID:           %4

Source Handle Information:
    Source Handle ID:   %5
    Source Process ID:  %6

New Handle Information:
    Target Handle ID:   %7
    Target Process ID:  %8
Microsoft Documentation

Event ID - 4690


This event has little security relevance.


This event generates if an attempt was made to duplicate a handle to an object.



Name Field Insertion String OS Example
Security ID SubjectUserSid %1 Any S-1-5-18
Account Name SubjectUserName %2 Any DC01$
Account Domain SubjectDomainName %3 Any DOMAIN
Logon ID SubjectLogonId %4 Any 0x3e7
Source Handle ID SourceHandleId %5 Any 0x438
Source Process ID SourceProcessId %6 Any 0x674
Target Handle ID TargetHandleId %7 Any 0xd9c
Target Process ID TargetProcessId %8 Any 0x4


Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Handle Manipulation"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List