Event ID 644 May Be Logged When Auditing Is Not Enabled (304693)
The information in this article applies to:
- Microsoft Windows NT Server 4.0 Terminal Server Edition SP4
- Microsoft Windows NT Server 4.0 Terminal Server Edition SP5
- Microsoft Windows NT Server 4.0 Terminal Server Edition SP6
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
This article was previously published under Q304693
SYMPTOMS
On a computer that is running Windows NT 4.0, event ID 644 may be logged in the Security event log. Event ID 644 indicates that a user account is locked. This event may be logged even if you do not have auditing enabled.
CAUSE
This behavior occurs because the computer does not verify whether auditing is enabled before it logs the event.
STATUS
This behavior is resolved in versions of Windows that are later than Windows NT 4.0, including Microsoft Windows 2000.
Modification Type: Major
Last Reviewed: 5/14/2003
Keywords: kberrmsg kbprb KB304693