Event ID 4616: The system time was changed.
|Description||The system time has been changed. The event describes the old and new time.|
The event logs the following information:
|Process ID||Unique identifier of the process.|
|Process name||Path and name of the process that changed the time. Will usually be rundll32.exe (Control Panel), cmd.exe (Time command) or svchost (if the time was changed by the system in connection with the Windows time synchronization service or NTP)|
|Primary user name||Will correspond to local system if changed automatically; otherwise will identify the actual user if changed through control panel or the time command.|
|Primary domain||Domain of the user.|
|Primary logon ID||Logon ID of the user that correlates to the logon ID in the user's logon session (event ID 528 or 540)|
|Client user name||The user name of the user who changed the time|
|Client domain||The domain to which the client user belongs to.|
|Client logon ID||Logon ID of the user that changed the time.|
|Previous time||Time before the event occurred.|
|New time||Time after the event occurred.|
- ADAudit Plus can collect these logs in real time and thus lets you know whenever any change in system time occurs.
- ADAudit plus also has features that can alert you via E-mail or SMS when system time has been changed.
- The intuitive reports generated by ADAudit Plus let you know who changed the system time, when it was changed and on which machine it was changed.
Event 4616 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10
Corresponding event in Windows Server 2003 and earlier versions - Event 520
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools