Windows Security Log Event ID 697

Operating Systems Windows 2003 and XP
CategoryAccount Management
Type Success
Corresponding events
in Windows 2008
and Vista

697: Password Policy Checking API is called

On this page

Microsoft says this is "typical behavior" and can be ignored.  I concur.  You may frequently see it on SQL Servers.

Free Security Log Resources by Randy

Description Fields in 697

  •  Caller Username: %1
  •  Caller Domain: %2
  •  Caller Logon ID: %3
  •  Caller Workstation: %4
  •  Provided User Name (unauthenticated): %5
  •  Status Code: %6

Supercharger Enterprise


Examples of 697

Password Policy Checking API is called:
  Caller Username: Administrator
  Caller Domain: ACME
  Caller Logon ID: (0x0,0xA20FA)
  Caller Workstation:
  Provided User Name (unauthenticated): aklsdjiwuerowierlkmclknlaksjdqweiquroijlkasjlkq
  Status Code: 0x0

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection


Additional Resources