Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Type: Success Audit|
User Account Changed: <change>
Target Account Name: <account name>
Target Domain: <domain>
Target Account ID: <account SID>
Caller User Name: <user that initiated the change>
Caller Domain: <domain>
Caller Logon ID: (0x0,0x<id number>)
|English: Request a translation of the event description in plain English.|
Check the following Microsoft articles for details on this event: ME173059, ME314444, ME314786, and ME822377.
A privileged user (i.e. Administrator) made changes to an account. For example the change can be "'Password Not Required' - Enabled" indicating that the account has been modified so it does not require a password.
This event may also be generated if you analyze the server security using the Microsoft Baseline Security Analyzer.
|Private comment: Subscribers only. See example of private comment|
|Links: ME173059, ME174074, ME314444, ME314786, ME822377, Online Analysis of Security Event Log|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated