Windows Security Log Event ID 4722

Operating Systems	Windows 2008 R2 and 7 Windows 2012 R2 and 8.1 Windows 2016 and 10 Windows Server 2019
Category • Subcategory	Account Management • User Account Management
Type	Success
Corresponding events in Windows 2003 and before	626

Discussions on Event ID 4722

• 4722 - A user account was enabled - Machine Account in Subject?
• Events for "A user account enabled / disabled"
• Looking for re-enabled accounts

4722: A user account was enabled

On this page

Description of this event
Field level details
Examples
Discuss this event
Mini-seminars on this event

The user identified by Subject: enabed the user identified by Target Account:.

This event is logged both for local SAM accounts and domain accounts.

This event is always logged after event 4720 - user account creation.

You will also see event ID 4738 informing you of the same information.

Free Security Log Resources by Randy

Description Fields in 4722

Subject:

The user and logon session that performed the action.

Security ID: The SID of the account.
Account Name: The account logon name.
Account Domain: The domain or - in the case of local accounts - computer name.
Logon ID is a semi-unique (unique between reboots) number that identifies the logon session. Logon ID allows you to correlate backwards to the logon event (4624) as well as with other events logged during the same logon session.

Target Account:

Security ID: SID of the account
Account Name: name of the account
Account Domain: domain of the account

Supercharger Free Edition

Centrally manage WEC subscriptions.

Free.

Examples of 4722

A user account was enabled.

Subject:

   Security ID: ACME-FR\administrator
   Account Name: administrator
   Account Domain: ACME-FR
   Logon ID: 0x20f9d

Target Account:

   Security ID: ACME-FR\John.Locke
   Account Name: John.Locke
   Account Domain: ACME-FR

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Mini-Seminars Covering Event ID 4722

Discussions on Event ID 4722

• 4722 - A user account was enabled - Machine Account in Subject?
• Events for "A user account enabled / disabled"
• Looking for re-enabled accounts

Upcoming Webinars

Hacking the Endpoint From Zero to Full Domain Administrator Using a Crylock Ransomware and Exfiltration Attack Walkthrough

Additional Resources

Encyclopedia

•	All Event IDs
•	Audit Policy

Go To Event ID:

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

March 2021 Patch Monday	"Patch Monday: Two Chrome Zero-Days Updated " - sponsored by LOGbinder

Follow @randyfsmith

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2021 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.