Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to determine whether users changed their passwords before an account lockout


View products that this article applies to.

Summary

This step-by-step article describes how to determine whether users changed their passwords before an account lockout. You may want to configure an audit account management policy to determine whether users changed their passwords before an account lockout occurred. This policy may be useful when users forget their new passwords, or when users continue to use their old passwords.

Audit Account Management in Microsoft Windows 2000 Server and Windows Server 2003

  1. Click Start, and then click Run.
  2. In the Open box, type mmc, and then click OK.
  3. On the Console menu, click Add/Remove Snap-in, and then click Add.
  4. In the Add Standalone Snap-in dialog box, click Group Policy, click Add, click Finish, click Close, and then click OK.
  5. Double-click Local Computer Policy, and then double-click Computer Configuration.
  6. Double-click Windows Settings, and then double-click Security Settings.
  7. Double-click Local Policies, and then double-click Audit Policy.
  8. In the right pane, double-click Audit account management.
  9. In the Local Security Policy Setting dialog box, click to select the Success and the Failure check boxes, and then click OK.
  10. Click Start, point to Programs, point to Administrative Tools, and then click Event Viewer.
  11. Click Security Log, and then in the right pane, double-click Success Audit or Failure Audit.

Audit Account Management in Microsoft Windows NT 4.0

  1. Click Start, point to Programs, point to Administrative Tools, and then click User Manager for Domains.
  2. Click Policies on the menu bar, and then click Audit.
  3. Click Audit These Events.
  4. Click to select the Failure check box for the Logon and Logoff event.
  5. Click to select the Success and the Failure check boxes for the User and Group Management event, and then click OK.
  6. Click Start, point to Programs, point to Administrative Tools, and then click Event Viewer.
  7. Click Log on the menu bar, and then click Security.


↑ Back to the top


More information

The following is an example an account management event:

Event Type: Success Audit
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 642 Date: 8/12/2008
Time: 3:13:33 PM
User: CONTOSO\administrator
Computer: CONTOSO-DCB
Description: User Account Changed:
Target Account Name: t
Target Domain: CONTOSO
Target Account ID: CONTOSO\t
Caller User Name: administrator
Caller Domain: CONTOSO
Caller Logon ID: (0x0,0x233FF)
Privileges: -
Changed Attributes:
Sam Account Name: -
Display Name: - User
Principal Name: -
Home Directory: -
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: -
Password Last Set: 8/12/2008 3:13:33 PM
Account Expires: -
Primary Group ID: -
AllowedToDelegateTo: -
Old UAC Value: -
New UAC Value: -
User Account Control: -
User Parameters: -
Sid History: -
Logon Hours: -

To see a list of all account management events, visit the following Microsoft Web site:

↑ Back to the top


References

For more information about security event descriptions, click the following article numbers to view the articles in the Microsoft Knowledge Base:
299475 Windows 2000 Security Event Descriptions (Part 1 of 2)
301677 Windows 2000 Security Event Descriptions (Part 2 of 2)
174074 Security Event Descriptions
For more information about password and account lockout features in Microsoft Windows 2000 Server and Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:
813500 Support WebCast: Microsoft Windows 2000 Server and Windows Server 2003: Password and Account Lockout Features

↑ Back to the top


Keywords: KB822703, kbhowtomaster

↑ Back to the top

Article Info
Article ID : 822703
Revision : 2
Created on : 2/11/2009
Published on : 2/11/2009
Exists online : False
Views : 449