ID Event Description
4720 A user account was created
ISO 27001:2013, NIST SP 800-53, Audit Success, PCI-DSS, NIST 800-171, CMMC L1
4722 A user account was enabled
ISO 27001:2013, NIST SP 800-53, NIST 800-171, Audit Success, PCI-DSS, CMMC L1
4723 An attempt was made to change an account's password
Audit Success, Audit Failure, CJIS
4724 An attempt was made to reset an account's password
Audit Failure, Audit Success, CJIS, ISO 27001:2013
4725 A user account was disabled
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
4726 A user account was deleted
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
4738 A user account was changed
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
4740 A user account was locked out
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L3
4765 SID History was added to an account
Domain Controller, Audit Success
4766 An attempt to add SID History to an account failed
Domain Controller, Audit Failure
4767 A user account was unlocked
ISO 27001:2013, Audit Success
4781 The name of an account was changed
Audit Success
4794 An attempt was made to set the Directory Services Restore Mode administrator password
Domain Controller, Audit Success, Audit Failure
4797 An attempt was made to query the existence of a blank password for an account
4798 A user's local group membership was enumerated
Audit Success
5376 Credential Manager credentials were backed up.
Audit Success
5377 Credential Manager credentials were restored from a backup.
Audit Success