Event ID: 4793

The Password Policy Checking API was called

The Password Policy Checking API was called.

Subject:
    Security ID:    %1
    Account Name:   %2
    Account Domain: %3
    Logon ID:       %4

Additional Information:
    Caller Workstation:                      %5
    Provided Account Name (unauthenticated): %6
    Status Code:                             %7
Microsoft Documentation

Event ID - 4793



This event generates each time the Password Policy Checking API is called.

The Password Policy Checking API allows an application to check password compliance against an application-provided account database or single account and verify that passwords meet the complexity, aging, minimum length, and history reuse requirements of a password policy.

This event, for example, generates during Directory Services Restore Mode (DSRM) account password reset procedure to check new DSRM password.

This event generates on the computer where Password Policy Checking API was called.

Note that starting with Microsoft SQL Server 2005, the “SQL Server password policy” feature can generate many 4793 events on a SQL Server.



Name Field Insertion String OS Example
Security ID SubjectUserSid %1 Any S-1-5-21-3457937927-2839227994-823803824-1104
Account Name SubjectUserName %2 Any dadmin
Account Domain SubjectDomainName %3 Any DOMAIN
Logon ID SubjectLogonId %4 Any 0x36f67
Caller Workstation Workstation %5 Any ComputerName
Provided Account Name (unauthenticated) TargetUserName %6 Any -
Status Code Status %7 Any 0x0


Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Other Account Management Events"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List