Windows Security Log Event ID 643
Operating Systems |
Windows Server 2000
Windows 2003 and XP
|
Category | Account Management |
Type
|
Success
|
Corresponding events
in Windows
2008 and Vista |
4739
|
643: Domain Policy Changed
On this page
This event varies depending on the OS
Win2000
W2k logs frequent occurrences of this event even if you haven't changed your password policy. Each time Win2K applies Group Policy, it doesn't check to see whether the new and old policies are actually different. You can ignore event ID 643.
Win2003
Unlike w2k, w3 properly logs this event only when the password or lockout policy or domain mode changes. Additionally the actual settings changed are identified with their new values under Change Attributes.
The following Changed Attributes correspond to settings group policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy:
Password Properties = "Password must meet complexity requirements" and "Store password using reversible encryption for all users in the domain"
- 0 = both complexity and reversible encryption disabled
1 = complexity enabled and reversible encryption disabled
- 16 = complexity disabled and reversible encryption enabled
- 17 = both complexity and reversible encryption enabled
Min. Password Age = Minimum password age
Max. Password Age = Maximum password age
Min. Password Length = Minimum password length
Password History Length = Enforce password history
The following Changed Attributes correspond to settings group policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy:
Lockout Threshold = Account lockout threshold
Lockout Observation Window = Reset account lockout counter after
Lockout Duration = Account lockout duration
The following Changed Attributes correspond to settings group policy under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options:
Force Logoff = Network security: Force logoff when logon hours expire
Free Security Log Resources by Randy
- Domain Policy Changed: %1 modified
- Domain Name: %2
- Domain ID: %3
- Caller User Name: %4
- Caller Domain: %5
- Caller Logon ID: %6
- Privileges: %7
- Changed Attributes: (the following fields do not appear in Windows 2000)
- Min. Password Age: %8
- Max. Password Age: %9
- Force Logoff: %10
- Lockout Threshold: %11
- Lockout Observation Window: %12
- Lockout Duration: %13
- Password Properties: %14
- Min. Password Length: %15
- Password History Length: %16
- Machine Account Quota: %17
- Mixed Domain Mode: %18
- Domain Behavior Version: %19
- OEM Information: %20
Supercharger Free Edition
Win2000
Domain Policy Changed: Password Policy modified
Domain:ELMW2
Domain ID:ELMW2
Caller User Name:W2DC$
Caller Domain:ELMW2
Caller Logon ID:(0x0,0x3E7)
Privileges:-
Win2003
Domain Policy Changed: - modified
Domain Name:ELM
Domain ID:ELM
Caller User Name:administrator
Caller Domain:ELM
Caller Logon ID:(0x0,0x158EB7)
Privileges:-
Changed Attributes:
Min. Password Age:-
Max. Password Age:-
Force Logoff:-
Lockout Threshold:-
Lockout Observation Window:-
Lockout Duration:-
Password Properties:-
Min. Password Length:-
Password History Length:-
Machine Account Quota:-
Mixed Domain Mode:-
Domain Behavior Version:2
OEM Information:-
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection