How to Identify the User Who Changed the Administrator Password (173939)
The information in this article applies to:
- Microsoft Windows NT Server 3.5
- Microsoft Windows NT Server 3.51
- Microsoft Windows NT Server 4.0
This article was previously published under Q173939 SUMMARY
Enabling auditing for user and group management will generate audit events
when user or group accounts are changed. However, the events will list the
security ID (SID) rather than the user name of the user who made the
change.
For security purposes, it is often desirable to know the user name of the
user who made the change. This can be accomplished by auditing changes on
the registry key corresponding to the Administrator account.
Modification Type: | Major | Last Reviewed: | 5/13/2003 |
---|
Keywords: | kbhowto kbinfo KB173939 |
---|
|