Event 562 Success audit in Security log on Exchange 2003 Server

If you turn on Audit Object Access, which is useful for finding out who accessed or deleted files and when, you may see thousands of Event 562 entries in the Windows Security event log. Here’s how I fixed it.

ISSUE
-----
After turning on Success auditing for Object Access on the SBS 2003 Server,
the Security event log fills up with:

Event ID: 562
Source: System
Category: Object Access
Type: Success A
Description:
Handle Closed
Object Server: Microsoft Exchange
Image File Name: C:\Program Files\Exchsrvr\bin\store.exe

CAUSE
-----
Temporary objects created/opened while routing mail are audited when
closed/deleted.
The auditing is not based on SACL on these objects; all these operations are
audited just because they turned on auditing for Store.

RESOLUTION
----------
Add the following registry setting to disable the store auditing without
impacting the audit for other objects.

On the SBS Server, please open the below registry key:

  HKLM\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem

Please add the following DWORD value

Value name: Disable Close Object Audit
Value Type: DWORD
Value Data: 1

 source: http://msmvps.com/blogs/bradley/archive/2006/12/23/issues-in-december-from-the-partner-newsgroups.aspx

 I did not need to restart any services after following these instructions.
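
The registry change described above, scripted with a check of how many store.exe Event 562 entries are logged after it. This is an added example, not part of the original post or its newsgroup source; it assumes PowerShell is installed on the server and an elevated session, and the function name `Get-Store562Count` and the 5000-event sample size are illustrative choices.

```powershell
# Added example (not from the original post). Run elevated on the Exchange server.
$key  = 'HKLM:\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem'
$name = 'Disable Close Object Audit'   # value name exactly as given in the post

function Get-Store562Count {
    # Counts Event 562 entries that name store.exe among the newest
    # $Newest Security events, optionally only those logged after $After.
    param(
        [int]$Newest = 5000,                      # assumed sample size
        [datetime]$After = [datetime]::MinValue
    )
    $hits = Get-EventLog -LogName Security -Newest $Newest |
        Where-Object {
            $_.EventID -eq 562 -and
            $_.Message -like '*store.exe*' -and
            $_.TimeGenerated -gt $After
        }
    return @($hits).Count
}

if (-not (Test-Path $key)) {
    throw "Registry key not found: $key"
}

# Baseline: how noisy is the log before the change?
$before = Get-Store562Count
Write-Host "store.exe Event 562 entries in sample before change: $before"

# Read the current value; $null means the value does not exist yet.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

if ($current -ne 1) {
    # -Force overwrites an existing value so the script can be re-run safely.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Host "Set '$name' to 1 (previous value: $current)"
} else {
    Write-Host "'$name' is already 1; nothing to change"
}

# Remember when the change was made, then re-check after mail has flowed.
$changedAt = Get-Date
Write-Host "Later, run: Get-Store562Count -After '$changedAt'"
```

A count that stays at or near zero for events after `$changedAt` confirms the setting took effect, while Object Access auditing for files and other objects continues to log as before.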