Microsoft KB Archive/822703

= How to Determine Whether Users Changed Their Passwords Before an Account Lockout =

Article ID: 822703

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Server
 * Microsoft Windows NT Server 4.0 Standard Edition

-





IN THIS TASK

 * SUMMARY
 * Audit Account Management in Microsoft Windows 2000 Server and Windows Server 2003
 * Audit Account Management in Microsoft Windows NT 4.0
 * REFERENCES



SUMMARY
This step-by-step article describes how to determine whether users changed their passwords before an account lockout. You may want to configure an audit account management policy to determine whether users changed their passwords before an account lockout occurred. This policy may be useful when users forget their new passwords, or when users continue to use their old passwords.

back to the top

Audit Account Management in Microsoft Windows 2000 Server and Windows Server 2003

 * 1) Click Start, and then click Run.
 * 2) In the Open box, type mmc, and then click OK.
 * 3) On the Console menu, click Add/Remove Snap-in, and then click Add.
 * 4) In the Add Standalone Snap-in dialog box, click Group Policy, click Add, click Finish, click Close, and then click OK.
 * 5) Double-click Local Computer Policy, and then double-click Computer Configuration.
 * 6) Double-click Windows Settings, and then double-click Security Settings.
 * 7) Double-click Local Policies, and then double-click Audit Policy.
 * 8) In the right pane, double-click Audit account management.
 * 9) In the Local Security Policy Setting dialog box, click to select the Success and the Failure check boxes, and then click OK.
 * 10) Click Start, point to Programs, point to Administrative Tools, and then click Event Viewer.
 * 11) Click Security Log, and then in the right pane, double-click Success Audit or Failure Audit.

back to the top

Audit Account Management in Microsoft Windows NT 4.0

 * 1) Click Start, point to Programs, point to Administrative Tools, and then click User Manager for Domains.
 * 2) Click Policies on the menu bar, and then click Audit.
 * 3) Click Audit These Events.
 * 4) Click to select the Failure check box for the Logon and Logoff event.
 * 5) Click to select the Success and the Failure check boxes for the User and Group Management event, and then click OK.
 * 6) Click Start, point to Programs, point to Administrative Tools, and then click Event Viewer.
 * 7) Click Log on the menu bar, and then click Security.

back to the top

