Event ID: 5377Credential Manager credentials were restored from a backup.
Credential Manager credentials were restored from a backup. Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 This event occurs when a user restores his Credential Manager credentials from a backup. A user (even an Administrator) cannot restore the credentials of an account other than his own.
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"User Account Management"
LEFT/RIGHT arrow keys for navigationBack to List