WinSecWiki
Windows Security Settings
Articles
WinSecWiki
»
Windows Security Settings
»
Local Policies
»
Audit Policy
»
Audit account management
»
User Account Management
User Account Management
User Account Management
This category tracks changes to local user accounts on workstations, member servers and Active Directory domain user accounts on domain controllers. To configure this you must use
auditpol.
Coverage on events generated by this category are currently in the
Security Log Encyclopedia
:
Event ID
Title
4720
A user account was created.
4722
A user account was enabled.
4723
An attempt was made to change an account's password.
4724
An attempt was made to reset an accounts password.
4725
A user account was disabled.
4726
A user account was deleted.
4738
A user account was changed.
4740
A user account was locked out.
4767
A user account was unlocked.
4780
The ACL was set on accounts which are members of administrators groups.
4781
The name of an account was changed:
4794
An attempt was made to set the Directory Services Restore Mode administrator password
5376
Credential Manager credentials were backed up.
5377
Credential Manager credentials were restored from a backup.
Add Your Comments
Name:
*
Email Address:
Web Address:
Verification Code:
*
Details
Rated 5 stars based on 1 vote.
Article has been viewed 4,149 times.
Options
Bookmark Article
Social Bookmarks
Comments RSS
Upcoming Webinars
Web Protection: The Missing Link in the Endpoint Security Chain?
File Integrity Monitoring with the Windows Security Log
Anatomy of an Attack: What Happened at RSA and What Can We Learn From It?
Implementing Virtual Security Cameras to Protect Privileged Access and Enforce Accountability
Additional Resources
Security Log Quick Reference Chart
Security Log Resource Kit
Learn about the SharePoint Audit Log
Patch Tuesday Analysis
Home
>
Windows
>
WinSecWiki
User name:
Password:
/
Forgot?
Register
Home