Event ID: 4724An attempt was made to reset an account's password
An attempt was made to reset an account's password. Subject: Security ID: %4 Account Name: %5 Account Domain: %6 Logon ID: %7 Target Account: Security ID: %3 Account Name: %1 Account Domain: %2
This event generates every time an account attempted to reset the password for another account.
For user accounts, this event generates on domain controllers, member servers, and workstations.
For domain accounts, a Failure event generates if the new password fails to meet the password policy.
A Failure event does NOT generate if user gets “Access Denied” while doing the password reset procedure.
This event also generates if a computer account reset procedure was performed.
For local accounts, a Failure event generates if the new password fails to meet the local password policy.
ISO 27001:2013 A.9.2.1
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"User Account Management"
Operating Systems:Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019
Tags:Audit Failure Audit Success CJIS ISO 27001:2013
Audit Category:Account Management
Audit Subcategory:User Account Management
LEFT/RIGHT arrow keys for navigationBack to List