Windows Security Log Event ID 624

Operating Systems	Windows Server 2000 Windows 2003 and XP
Category	Account Management
Type	Success
Corresponding events in Windows 2008 and Vista	4720

624: User Account Created

On this page

Description of this event
Field level details
Examples
Mini-seminars on this event

"Caller user" created "new account". This event will be accompanied by at least 2 subsequent event ID 642s and one 627.

Free Security Log Resources by Randy

Description Fields in 624

New Account Name: %1
New Domain: %2
New Account ID: %3
Caller User Name: %4
Caller Domain: %5
Caller Logon ID: %6
Privileges %7

Attributes: (Windows 2003)

Sam Account Name: %8
Display Name: %9
User Principal Name: %10
Home Directory: %11
Home Drive: %12
Script Path: %13
Profile Path: %14
User Workstations: %15
Password Last Set: %16
Account Expires: %17
Primary Group ID: %18
AllowedToDelegateTo: %19
Old UAC Value: %20
New UAC Value: %21
User Account Control: %22
User Parameters: %23
Sid History: %24
Logon Hours: %25

Supercharger Free Edition

User Account Created:
New Account Name:harold
New Domain:ELM
New Account ID:ELM\harold
Caller User Name:administrator
Caller Domain:ELM
Caller Logon ID:(0x0,0x158EB7)
Privileges-

Windows Server 2003 adds these fields

Attributes:
Sam Account Name:harold
Display Name:harold
User Principal Name:harold@elm.local
Home Directory:-
Home Drive:-
Script Path:-
Profile Path:-
User Workstations:-
Password Last Set:
Account Expires:
Primary Group ID:513
AllowedToDelegateTo:-
Old UAC Value:0x0
New UAC Value:0x15
User Account Control:
Account Disabled
'Password Not Required' - Enabled
'Normal Account' - Enabled
User Parameters:-
Sid History:-
Logon Hours:

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Mini-Seminars Covering Event ID 624

Upcoming Webinars

Additional Resources

Encyclopedia

•	Event IDs
•	All Event IDs
•	Audit Policy

Go To Event ID:

Must be a 1-5 digit number No such event ID

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.