Windows Security Log Event ID 4722

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
Category
 • Subcategory		Account Management
 • User Account Management
Type Success
Corresponding events
in Windows 2003
and before		 626  

4722: A user account was enabled

On this page

The user identified by Subject: enabed the user identified by Target Account:. 

This event is logged both for local SAM accounts and domain accounts.

This event is always logged after event 4720 - user account creation.

You will also see event ID 4738 informing you of the same information.

Free Security Log Resources by Randy

Description Fields in 4722

Subject:

The user and logon session that performed the action.

  • Security ID:  The SID of the account.
  • Account Name: The account logon name.
  • Account Domain: The domain or - in the case of local accounts - computer name.
  • Logon ID is a semi-unique (unique between reboots) number that identifies the logon session.  Logon ID allows you to correlate backwards to the logon event (4624) as well as with other events logged during the same logon session.

Target Account: 

  • Security ID:  SID of the account
  • Account Name:  name of the account
  • Account Domain: domain of the account

Supercharger Free Edition


Supercharger's built-in Xpath filters leave the noise behind.

Free.

 

Examples of 4722

A user account was enabled.

Subject:

   Security ID:  ACME-FR\administrator
   Account Name:  administrator
   Account Domain:  ACME-FR
   Logon ID:  0x20f9d

Target Account:


   Security ID:  ACME-FR\John.Locke
   Account Name:  John.Locke
   Account Domain:  ACME-FR
 

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



Mini-Seminars Covering Event ID 4722
Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:

 

Upcoming Webinars
Additional Resources