Forum

Ultimate Windows Security Forum » Security Log » 628 - User Account password set » Event ID 628: Password reset by...

Event ID 628: Password reset by...

Rate Topic

Display Mode

Topic Options

Author

Message

dago1010

Posted 7/12/2010 1:24:54 AM

Forum Newbie

Group: Forum Members
Last Login: 7/12/2010 12:50:32 AM
Posts: 1, Visits: 0

Hi,

on several Windows XP SP3 Clients we found event ID 628 together with event ID 642. The caller's username in both eventlog entries is computername$ (NTAUTHORITY\System).

We assume that some unauthoritzed users gained local admin rights on their machines and that those entries have something to do with it. What does it mean if the caller of an ID 628 is NTAuthority\System?

Kind regards,

Dago

Post #414

RandyFranklinSmith

Posted 8/28/2010 5:02:52 PM

Expert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329, Visits: 0

I missed seeing this question unitl now. Whose password was reset? Check the Target Account Name

Post #446

« Prev Topic | Next Topic »

Permissions

All times are GMT -5:00, Time now is 10:25am

Upcoming Webinars

AnchorDNS: How TrickBot Malware Hides C2 Inside DNS Traffic and How to Turn the Tables

Additional Resources

Home

Forum

User name:
Password:
	/ Forgot?
	Register

Home

About | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.