Submit a ticketCall us

Welcome to the NEW Success Center. Search all resources (documentation, videos, training, knowledge base articles) or browse resources by product. If you are unable to find what you are looking for, please contact us at customersuccess@solarwinds.com

 

 

 

 

Home > Success Center > Log & Event Manager (LEM) > LEM Event computer account " " changed after hours

LEM Event computer account " " changed after hours

Table of contents
Created by Craig O’ Neill, last modified by MindTouch on Jun 23, 2016

Views: 796 Votes: 1 Revisions: 4

Overview

This article provides information about the LEM Event computer account changing after hours. 

Using the default alerts, you get some alerts on out of business hours such as:

computer account "somename-dm\johnjjj$" changed: "-" at 2016-03-09 01:14:39.0

 

What changed in this example?

The business isn't open at 1AM and no one should have access.

Environment

All versions of LEM with Windows Agents

Detail

LEM monitors and acts on Events. It is likely that you are receiving a Windows eventid=646 or 4742.
In LEM, this is represented as the ProviderSID.

 

Check the link below for more details:

https://www.ultimatewindowssecurity....px?eventid=646

https://www.ultimatewindowssecurity....x?eventID=4742

 

Last modified
20:13, 22 Jun 2016

Tags

Classifications

Public