joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

Archive for January 14th, 2013

Decoding the Caller Logon ID value in event logs

by @ Monday, January 14th, 2013. Filed under tech

I was pinged today by a coworker who was trying to track down password change audit entries that looked something like:

Event Type:        Success Audit
Event Source:      Security
Event Category:    Account Management
Event ID:          628
Date:              1/14/2013
Time:              2:52:32 PM
User:              NT AUTHORITY\SYSTEM
Computer:          DCNAME
Description:
User Account password set:
    Target Account Name:   USERID […]
