Audit Other Account Management Events
Audit Other Account Management Events determines whether the operating system generates user account management audit events.
Event volume: Typically Low on all types of computers.
This subcategory allows you to audit next events:
The password hash of a user account was accessed. This happens during an Active Directory Management Tool password migration.
The Password Policy Checking API was called. Password Policy Checking API allows an application to check password compliance against an application-provided account database or single account and verify that passwords meet the complexity, aging, minimum length, and history reuse requirements of a password policy.
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|---|---|---|---|---|---|
| Domain Controller | Yes | No | Yes | No | The only reason to enable Success auditing on domain controllers is to monitor “4782(S): The password hash of an account was accessed.” This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Member Server | No | No | No | No | The only event which is generated on Member Servers is “4793(S): The Password Policy Checking API was called.”, this event is a typical information event with little to no security relevance. This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Workstation | No | No | No | No | The only event which is generated on Workstations is “4793(S): The Password Policy Checking API was called.”, this event is a typical information event with little to no security relevance. This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
Events List: