Windows Security Log Event ID 685
Operating Systems |
Windows 2003 and XP
|
Category | Account Management |
Type
|
Success
|
Corresponding events
in Windows
2008 and Vista |
4781
|
685: Account Name Changed
On this page
When an account name is changed, the SID remains the same. However the Target ID in this event indicates the new name. This is because when the operating system displays this event it evidently queries the database where the SID is stored and translates the SID to the domain\username.
A rogue admin might change his account name or computer name seeking to cover his tracks.
Free Security Log Resources by Randy
- Old Account Name: %1
- New Account Name: %2
- Target Domain: %3
- Target Account ID: %4 (the SID or domain\username)
- Caller User Name: %5
- Caller Domain: %6
- Caller Logon ID: %7
- Privileges: %8
Supercharger Enterprise
Load Balancing for Windows Event Collection
Win2003:
Account Name Changed:
Old Account Name: DC1$
New Account Name: DC3$
Target Domain: ACME
Target Account ID: ACME\DC3$
Caller User Name: administrator
Caller Domain: ACME
Caller Logon ID: (0x0,0x3C154)
Privileges: -
WinXP:
Account Name Changed:
Old Account Name: Guest
New Account Name: Guest1
Target Domain: STG
Target Account ID: STG\Guest1
Caller User Name: wsmith
Caller Domain: STG
Caller Logon ID: (0x0,0x3013E)
Privileges: -
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection