Type: Success Audit
User Account password set:
Target Account Name: CORPSMTP01$
Target Domain: CORP
Target Account ID: S-1-5-21-197031408-981208221-617630493-1225
Caller User Name: SYSTEM
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0,0x3E7)
If the "Target Account Name" in the description is a computer name suffixed with the "$" character, then this Event ID may be due to the command to reset the computer account, e.g.: netdom resetpwd /server:<computer> /userd:<domain>\<account> /passwordd:*
The user account password was reset by another user who has permission to do so. See MSW2KDB and ME822377 for information on this event.
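The check described in the comments above, as an added example that is not part of the original page: it parses the "User Account password set" description (flattened or multi-line), reports who reset whose password, and flags a target name ending in "$" as a computer account. The function names are hypothetical, and treating logon ID 0x3E7 as the LocalSystem session is an assumption based on the well-known Windows value, not something the page states.

```python
import re

# Field labels as they appear in the description on this page.
LABELS = ["Target Account Name", "Target Domain", "Target Account ID",
          "Caller User Name", "Caller Domain", "Caller Logon ID"]
_ALT = "|".join(re.escape(label) for label in LABELS)
# A value runs until the next known label or the end of the text, so the
# same pattern handles the multi-line and the flattened one-line form.
_FIELD = re.compile(rf"({_ALT}):\s*(.*?)\s*(?=(?:{_ALT}):|$)", re.S)
_LUID = re.compile(r"\((0x[0-9A-Fa-f]+),(0x[0-9A-Fa-f]+)\)")
SYSTEM_LUID = 0x3E7  # assumption: well-known LocalSystem logon session

# Description text taken from this page.
SAMPLE = ("User Account password set: Target Account Name: CORPSMTP01$ "
          "Target Domain: CORP Target Account ID: "
          "S-1-5-21-197031408-981208221-617630493-1225 "
          "Caller User Name: SYSTEM Caller Domain: NT AUTHORITY "
          "Caller Logon ID: (0x0,0x3E7)")

def parse_password_set(description):
    """Return the labelled fields of the description as a dict."""
    return dict(_FIELD.findall(description))

def triage(description):
    """Summarise one event for review; raise if a field is missing."""
    fields = parse_password_set(description)
    missing = [label for label in LABELS if label not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    m = _LUID.fullmatch(fields["Caller Logon ID"])
    # The logon ID is printed as (high part, low part) of a 64-bit value.
    luid = (int(m[1], 16) << 32) | int(m[2], 16) if m else None
    return {
        "target": f"{fields['Target Domain']}\\{fields['Target Account Name']}",
        "caller": f"{fields['Caller Domain']}\\{fields['Caller User Name']}",
        # A trailing "$" marks a computer account, as the comment notes.
        "computer_account": fields["Target Account Name"].endswith("$"),
        "caller_is_system": luid == SYSTEM_LUID,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A reset of a user account (no trailing "$") by a caller other than SYSTEM is the case worth correlating with help-desk or change records.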
User Account password set
Links: ME822377, Online Analysis of Security Event Log, MSW2KDB