Windows Security Log Event ID 4722
| Operating Systems |
Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019
|
Category
• Subcategory | Account Management
• User Account Management |
|
Type
|
Success
|
Corresponding events
in Windows
2003
and before |
626
|
4722: A user account was enabled
On this page
The user identified by Subject: enabed the user identified by Target Account:.
This event is logged both for local SAM accounts and domain accounts.
This event is always logged after event 4720 - user account creation.
You will also see event ID 4738 informing you of the same information.
Free Security Log Resources by Randy
Subject:
The user and logon session that performed the action.
- Security ID: The SID of the account.
- Account Name: The account logon name.
- Account Domain: The domain or - in the case of local accounts - computer name.
- Logon ID is a semi-unique (unique between reboots) number that identifies the logon session. Logon ID allows you to correlate backwards to the logon event (4624) as well as with other events logged during the same logon session.
Target Account:
- Security ID: SID of the account
- Account Name: name of the account
- Account Domain: domain of the account
Setup PowerShell Audit Log Forwarding in 4 Minutes
A user account was enabled.
Subject:
Security ID: ACME-FR\administrator
Account Name: administrator
Account Domain: ACME-FR
Logon ID: 0x20f9d
Target Account:
Security ID: ACME-FR\John.Locke
Account Name: John.Locke
Account Domain: ACME-FR
Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection