windows-itpro-docs/windows/device-security/auditing/audit-other-account-management-events.md
2017-04-19 14:12:47 -07:00


title: Audit Other Account Management Events (Windows 10)
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Account Management Events, which determines whether the operating system generates user account management audit events.
ms.assetid: 4ce22eeb-a96f-4cf9-a46d-6642961a31d5
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: Mir0sh

Audit Other Account Management Events

Applies to

  • Windows 10
  • Windows Server 2016

Audit Other Account Management Events determines whether the operating system generates user account management audit events.

Event volume: Typically Low on all types of computers.

This subcategory allows you to audit the following events:

  • The password hash of a user account was accessed. This happens during an Active Directory Management Tool password migration.

  • The Password Policy Checking API was called. The Password Policy Checking API allows an application to check password compliance against an application-provided account database or single account and verify that passwords meet the complexity, aging, minimum length, and history reuse requirements of a password policy.

| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|---|---|---|---|---|---|
| Domain Controller | Yes | No | Yes | No | The only reason to enable Success auditing on domain controllers is to monitor “4782(S): The password hash an account was accessed.” This subcategory doesn't have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Member Server | No | No | No | No | The only event which is generated on Member Servers is “4793(S): The Password Policy Checking API was called.” This event is a typical information event with little to no security relevance. This subcategory doesn't have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Workstation | No | No | No | No | The only event which is generated on Workstations is “4793(S): The Password Policy Checking API was called.” This event is a typical information event with little to no security relevance. This subcategory doesn't have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |

Events List:

  • 4782(S): The password hash an account was accessed.

  • 4793(S): The Password Policy Checking API was called.
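
The recommendations in the table above, applied from an elevated PowerShell session. This is an added example, not part of the original topic. It assumes the English subcategory display name, and it uses `Win32_ComputerSystem.DomainRole` to tell a domain controller from a member server or workstation.

```powershell
# Added example: apply this topic's recommendation for the subcategory
# according to the role of the local computer. Run elevated.

# Assumption: English display name of the subcategory (names are localized).
$subcategory = 'Other Account Management Events'

# DomainRole: 0-1 = workstation, 2-3 = server, 4-5 = domain controller
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
$isDomainController = $role -ge 4

if ($isDomainController) {
    # Domain Controller row: Success = Yes, Failure = No
    auditpol /set /subcategory:"$subcategory" /success:enable /failure:disable
}
else {
    # Member Server and Workstation rows: Success = No, Failure = No
    auditpol /set /subcategory:"$subcategory" /success:disable /failure:disable
}

# Confirm the setting that is now in effect
auditpol /get /subcategory:"$subcategory"

if ($isDomainController) {
    # 4782(S) is the only event this topic recommends monitoring.
    # Any hit outside a planned password migration deserves a closer look.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4782 } `
                 -MaxEvents 50 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, MachineName, Message |
        Format-List
}
```

On domain-joined computers, advanced audit policy delivered through Group Policy replaces settings made locally with `auditpol` at the next policy refresh.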