Navigation:  Web Reports > Compliance Tracking >

Account Management Tracking

 Top  Previous  Next

If you configured Account Management Tracking then you can run queries to search for various account management-related activity on one of the following pages in the Compliance -> Account Changes section:

 

Computer Account
Group Account
User Account

 

Common fields for all Account Management pages

 

# (Event Number)

The event number of the windows event that was logged by the OS to indicate the account change. You can click on the event number to display this event, assuming that a corresponding filter has been setup to capture these events.

 

Computer

This is the computer where the user, group or computer account was changed. This computer is always a domain controller for computer accounts.

 

Source Computer

The source computer from which the account change was initiated. This information is only available when "Retrieve Source IP Address and Computer Name" is checked, and when a related logon event was previously monitored by EventSentry.

 

Action

The type of action performed, e.g. "Account Created" or "Member Added".

 

Target Account, Target Domain

The account (user, group or computer) that was changed, including the domain. The domain may be the same as the computer name if the user or group account that was modified was local.

 

Target Account ID, Target Account SID

The account ID of the account changed, usually a combination of the target domain and the target account. The account's SID is shown when you hover over the target account ID with the mouse, and the account SID will also be shown in place of the target account ID, if the same is not available.

 

Caller User, Caller Domain, Caller Logon ID

The user name, domain and logon id of the account that initiated the change.

 

Computer & User Account Management

 

Details

Details of the action performed, if available. For example, the detail could indicate that the password for the account was set: "Password Last Set=4/22/2008 1:53:13 PM".

 

Group Account Management

 

Group Type

The type of the group that was changed, which can either be Security or Distribution.

 

Group Scope

The scope of the group that was changed, which can either be Local, Global or Universal.

 

Member Account ID

The account ID of the member, if a member was added or removed from a group.

 

Member Name

If the member is part of a domain, lists the re-formatted DN. For example, yourdomain.local\MyBusiness\Users\Support\JonDoe.

 

Group Type Change

If the scope of a group was changed, contains the change details.