Microsoft KB Archive/304693

From BetaArchive Wiki
Knowledge Base


Event ID 644 May Be Logged When Auditing Is Not Enabled

Article ID: 304693

Article Last Modified on 2/28/2007


APPLIES TO

  • Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 4
  • Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 5
  • Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 6
  • Microsoft Windows NT 4.0 Service Pack 4
  • Microsoft Windows NT 4.0 Service Pack 5
  • Microsoft Windows NT 4.0 Service Pack 6
  • Microsoft Windows NT 4.0 Service Pack 6a
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition


This article was previously published under Q304693

SYMPTOMS

On a computer that is running Windows NT 4.0, event ID 644 may be logged in the Security event log. Event ID 644 indicates that a user account is locked. This event may be logged even if you do not have auditing enabled.

CAUSE

This behavior occurs because the computer does not verify if auditing is enabled before it logs the event.

STATUS

This behavior is resolved in versions of Windows that are later than Windows NT 4.0, including Microsoft Windows 2000.

Keywords: kberrmsg kbprb KB304693



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/304693&oldid=167003
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki