Fix: Event ID 4663, An Attempt Was Made to Access An Object

Remove unfamiliar event logs from the system for a quick fix

by Claire Moraa
Claire Moraa
Claire Moraa
Author
Claire likes to think she's got a knack for solving problems and improving the quality of life for those around her. Driven by the forces of rationality, curiosity,... read more
Reviewed by Alex Serban
Alex Serban
Alex Serban
Windows Server & Networking Expert
After moving away from the corporate work-style, Alex has found rewards in a lifestyle of constant analysis, team coordination and pestering his colleagues. Holding an MCSA Windows Server... read more
Affiliate Disclosure
  • The Event ID 4663 could indicate your system/server is at risk because an unauthorized account is trying to access files.
  • The user account that is attempting to access the system is not permitted to do so or does not have the necessary permissions.
  • You can easily check the event logs for any suspicious users and remove them.

XINSTALL BY CLICKING THE DOWNLOAD FILE
To fix various PC problems, we recommend Restoro PC Repair Tool:
This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues and remove viruses now in 3 easy steps:

  1. Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues affecting your computer's security and performance
  • Restoro has been downloaded by 0 readers this month.

Event 4663 may indicate that a user has logged on to a domain computer using an account that is not authorized to be used to log on to the domain. This can occur if the account was disabled or removed from the Domain Admins group.

If you see this error regularly, it could be related to permissions on shared folders or drives and/or improperly configured user accounts with insufficient access rights. Still, it’s worth checking out because if left unattended, the user may gain access.

What is Event ID 4663?

Event ID 4663 is logged when a particular operation is performed on an object. This event can be viewed in the Security log and has a target of the security log. The Event ID 4663 will be recorded in the security log when a user attempts to perform an operation that requires administrator permissions.

The main categories of object types are as follows:

  • File system objects (for example, files, folders, or printers)
  • Kernel objects (for example, processes and threads)
  • Registry objects (for example, keys and values)
  • System objects (for example, drivers)
  • Objects on removable storage or devices

An attempt was made to access an object could mean:

  • Object is no longer present on the server – If you are having trouble accessing a file or folder, it means that this file or folder was deleted from the server.
  • The object is present on the server, but its name is not valid – It’s possible that the object may have been deleted or renamed since it was last accessed. 
  • Object is present on the server, but in a different location – This error can occur if you try to access a file or folder that has been moved or renamed. 
  • The object is present on the server, but your account does not have access rights – This error occurs when your user account does not have sufficient read/write privileges for you to do so.

How can I fix Event ID 4663?

Expert tip:

SPONSORED

Some PC issues are hard to tackle, especially when it comes to corrupted repositories or missing Windows files. If you are having troubles fixing an error, your system may be partially broken.
We recommend installing Restoro, a tool that will scan your machine and identify what the fault is.
Click here to download and start repairing.

First off, ensure you check the following:

  • Turn on your firewall to ensure unauthorized access is limited. Also, check out what to do if you’re unable to turn on Windows Firewall.
  • Check whether there’s a misconfiguration of the SACL (System Access Control List), which prevents users from accessing objects they should be allowed to.

1. Check and remove Event logs

  1. Click on the Windows Search icon on the taskbar, type Event Viewer and click Open.Event Viewer
  2. Navigate to the left-hand pane, expand the Windows Logs menu and select Security.windows logs
  3. Scroll through the various logs and locate one with Event ID 4663
  4. Once you locate a log with Event ID 4663, make note of the Account Name that attempted to log in
  5. Bring up the Search icon again, type Control Panel and click Open.control-panel-search fallout new vegas runtime error
  6. Select User Accounts.going user accounts control panel
  7. Click on Manage your credentials on the left-hand side.Open Manage your credentials
  8. Select Windows Credentials in the new window.going windows credentials windows 11
  9. Expand the unfamiliar user account, and in the drop-down menu, click Remove to get rid of that user.

The Event ID 4663 attempt may be due to an internal or external security breach, and a user account is being used by malicious software to access the system. This account may have been created by malware or by an attacker exploiting a vulnerability in network services.

2. Disable remote access

  1. Hit the Windows key and click on Settings.settings windows 11
  2. Click on the System tab and scroll down to Remote Desktop.
  3. Toggle the switch next to Remote Desktop to disable the feature.
  4. Next, hit the Windows + R keys to open the Run command.
  5. Type regedit in the dialog box and hit Enter to open the Registry Editor. Select Yes if the User Account Control asks if you want to make any changes.
  6. Navigate to the following location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
  7. Double-click on fDenyTSConnections on the right pane to open it.
  8. Set the Value data to 1, then click OK to finish up.

A Windows server can be accessed remotely if it is running a service. For example, if you want to access your server via Remote Desktop, you need to enable this feature.

Disabling remote access should be a temporary security measure until you determine whether the Event ID 4663 is a brute-force attack.

That’s all we had for this particular Event ID, but check out what we have in store. For instance, the Event ID 4648, where a logon using credentials was attempted.

Share any additional thoughts on this topic in the comment section below.

Still having issues? Fix them with this tool:

SPONSORED

If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

This article covers:Topics: