Event ID: 4793The Password Policy Checking API was called
The Password Policy Checking API was called. Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Additional Information: Caller Workstation: %5 Provided Account Name (unauthenticated): %6 Status Code: %7
This event generates each time the Password Policy Checking API is called.
The Password Policy Checking API allows an application to check password compliance against an application-provided account database or single account and verify that passwords meet the complexity, aging, minimum length, and history reuse requirements of a password policy.
This event, for example, generates during Directory Services Restore Mode (DSRM) account password reset procedure to check new DSRM password.
This event generates on the computer where Password Policy Checking API was called.
Note that starting with Microsoft SQL Server 2005, the “SQL Server password policy” feature can generate many 4793 events on a SQL Server.
Audit this event on domain controllers to identify unauthorized use of the RetrieveEncryptedSourcePasswords function.
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Other Account Management Events"
LEFT/RIGHT arrow keys for navigationBack to List