Event ID: 4739

Domain Policy was changed

Domain Policy was changed.

Change Type:            %1 modified

    Security ID:        %4
    Account Name:       %5
    Account Domain:     %6
    Logon ID:           %7

    Domain Name:        %2
    Domain ID:          %3

Changed Attributes:
    Min. Password Age:  %9
    Max. Password Age:  %10
    Force Logoff:       %11
    Lockout Threshold:  %12
    Lockout Observation Window: %13
    Lockout Duration:           %14
    Password Properties:        %15
    Min. Password Length:       %16
    Password History Length:    %17
    Machine Account Quota:      %18
    Mixed Domain Mode:          %19
    Domain Behavior Version:    %20
    OEM Information:            %21

Additional Information:
    Privileges:                 %8

Microsoft Documentation

Event ID - 4739

Generated when one of the following changes is made to the local computer security policy:

  • Computer's Security Settings\Account Policies\Account Lockout Policy settings were modified.

  • Computer's Security Settings\Account Policies\Password Policy settings were modified.

  • The "Network security: Force logoff when logon hours expire" group policy setting was changed.

  • Domain functional level was changed or some other attributes changed (see details in event description).
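
An added triage example (not part of the original page or of Microsoft's documentation): it maps the positional insertion strings %1..%21 of an exported 4739 event to the labels in the message template above, lists the attributes that changed, and flags values below a baseline. It assumes unchanged attributes are logged as "-"; the sample event, the baseline floors and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Labels in insertion-string order (%1..%21), as in the message template above.
LABELS = ["Change Type", "Domain Name", "Domain ID", "Security ID",
          "Account Name", "Account Domain", "Logon ID", "Privileges",
          "Min. Password Age", "Max. Password Age", "Force Logoff",
          "Lockout Threshold", "Lockout Observation Window", "Lockout Duration",
          "Password Properties", "Min. Password Length",
          "Password History Length", "Machine Account Quota",
          "Mixed Domain Mode", "Domain Behavior Version", "OEM Information"]
ATTRS = LABELS[8:]  # %9..%21 form the "Changed Attributes" block

# Assumed baseline floors (hypothetical); substitute your own policy values.
# A Lockout Threshold of 0 means accounts are never locked out.
BASELINE_MIN = {"Lockout Threshold": 1, "Min. Password Length": 14,
                "Password History Length": 24}

# Constructed sample event, not a real log record.
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4739</EventID></System>
<EventData>
<Data>Lockout Policy</Data><Data>EXAMPLE</Data><Data>S-1-5-21-0-0-0</Data>
<Data>S-1-5-21-0-0-0-1104</Data><Data>alice</Data><Data>EXAMPLE</Data><Data>0x3e7</Data>
<Data>-</Data><Data>-</Data><Data>-</Data><Data>-</Data><Data>0</Data>
<Data>-</Data><Data>-</Data><Data>-</Data><Data>8</Data><Data>-</Data>
<Data>-</Data><Data>-</Data><Data>-</Data><Data>-</Data>
</EventData></Event>"""

def parse_4739(xml_text):
    """Return {template label: value} for one exported 4739 event."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4739":
        raise ValueError("not a 4739 event")
    data = root.findall("e:EventData/e:Data", NS)
    return dict(zip(LABELS, ((d.text or "").strip() for d in data)))

def review(xml_text):
    """Report who made the change, what changed, and what is below baseline."""
    ev = parse_4739(xml_text)
    changed = {k: ev[k] for k in ATTRS if ev.get(k, "-") not in ("-", "")}
    weak = [k for k, floor in BASELINE_MIN.items()
            if changed.get(k, "").isdigit() and int(changed[k]) < floor]
    return {"actor": ev["Account Domain"] + "\\" + ev["Account Name"],
            "changed": changed, "below_baseline": weak}

if __name__ == "__main__":
    print(review(SAMPLE))
```
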

Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Authentication Policy Change"