Event ID 697 - Password Policy Checking API is called
|Description||Password Policy Checking API is called|
In Active Directory, event ID 697 is a typical behavior and is often observed on SQL servers which can be ignored.
This log data gives the following information:
|Caller Logon ID|
|Provided User Name (unauthenticated)|
Why event ID 697 needs to be monitored?
- Prevention of privilege abuse
- Detection of potential malicious activity
- Operational purposes like getting information on user activity like user attendance, peak logon times, etc.
- Compliance mandates
ADAudit Plus records all modifications made on a GPO and lists these changes in a convenient and easily understandable reports. The time of change and the modification made are prominently displayed.
Event 697 applies to the following operating systems:
- Windows Server 2000
- Windows 2003 and XP