Event ID 686 - Password of the following user accessed
|Description||Password of the following user accessed|
This log data gives the following information:
|Target User Name
Target User Domain
Caller User Name
Caller Logon ID
Why event ID 686 needs to be monitored?
- Prevention of privilege abuse
- Detection of potential malicious activity
- Operational purposes like getting information on user activity like user attendance, peak logon times, etc.
- Compliance mandates
ADAudit Plus makes Active Directory auditing very easy by tracking Password Status Changes for Users like password set or changed and account locked out/unlocked details with the help of pre-defined reports and instant alerts.
Event 686 applies to the following operating systems:
- Windows Server 2000
- Windows 2003 and XP