Re: domain administrator account password reset
- From: "Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Thu, 28 Sep 2006 07:39:42 -0500
If auditing is enabled (Account Management), it will show you that the
administrator password has been changed. Not much help since you know it
has been changed.
Look for event ids 627 and 628, setting a filter will lhelp.
http://www.windowsecurity.com/articles/Auditing-Users-Groups-Windows-Security-Log.html
--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Andrew Story" <andrewDOTstoryATjameswalkerDOTbiz> wrote in message
news:eNc3vBt4GHA.4352@xxxxxxxxxxxxxxxxxxxxxxx
An admin has done this, is there anyway to find out which account was
responsible for this?
Any info much appreciated (as always)
.
- References:
- domain administrator account password reset
- From: Andrew Story
- domain administrator account password reset
- Prev by Date: Re: requirements for "Computer Management" remote Connection
- Next by Date: Re: move printer shares
- Previous by thread: domain administrator account password reset
- Next by thread: Detect machines used by roaming profile users
- Index(es):
Relevant Pages
|
