I encountered this in the course of investigating another report of "too many object access events". Evidently Exchange 2000 Server can cause a large number of handle close events with no corresponding handle open events. The KB article explains how to solve the problem.
2005-10-05 UPDATE: Another Exchange audit volume problem, reported by Jeremy D. You can add a DWORD value named "Disable Close Object Audit" (no quotes) to the following registry key, and set it to "1", and disable event 562 (close handle) for Exchange Server 2003 with SP1 installed. The key is: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParameterSystem
2008-06-05 UPDATE: Reader Craig reports that the actual key name includes "ParameterSystem" in the registry path. Updated accordingly. Thanks Craig!
PingBack from http://winblogs.security-feed.com/2005/08/18/another-culprit-causes-too-many-object-access-events/