WinSecWiki
Windows Security Settings
Articles
WinSecWiki
»
Windows Security Settings
»
Local Policies
»
Audit Policy
»
Audit account management
»
User Account Management
User Account Management
User Account Management
This category tracks changes to local user accounts on workstations, member servers and Active Directory domain user accounts on domain controllers. To configure this you must use
auditpol.
Coverage on events generated by this category are currently in the
Security Log Encyclopedia
:
Event ID
Title
4720
A user account was created.
4722
A user account was enabled.
4723
An attempt was made to change an account's password.
4724
An attempt was made to reset an accounts password.
4725
A user account was disabled.
4726
A user account was deleted.
4738
A user account was changed.
4740
A user account was locked out.
4767
A user account was unlocked.
4780
The ACL was set on accounts which are members of administrators groups.
4781
The name of an account was changed:
4794
An attempt was made to set the Directory Services Restore Mode administrator password
5376
Credential Manager credentials were backed up.
5377
Credential Manager credentials were restored from a backup.
Add Your Comments
Name:
*
Email Address:
Web Address:
Verification Code:
*
Details
Article not rated yet.
Article has been viewed 1,385 times.
Options
Bookmark Article
Social Bookmarks
Comments RSS
Upcoming Webinars
Avoid Group Policy Disasters
Auditing User Accounts in Active Directory with the Windows 2003 & 2008 Security Logs
Additional Resources
Security Log Quick Reference Chart
Security Log Resource Kit
Learn about the SharePoint Audit Log
Patch Tuesday Analysis
Home
>
Windows Security
>
WinSecWiki
User name:
Password:
/
Forgot?
Register
Home