LEM Event computer account " " changed after hours

Created by Craig O’ Neill, last modified by MindTouch on Jun 23, 2016

Overview

This article explains the LEM alert that is raised when a computer account is changed after hours.

With the default alerts, you may receive alerts outside business hours such as:

computer account "somename-dm\johnjjj$" changed: "-" at 2016-03-09 01:14:39.0

What changed in this example?

The business isn't open at 1 AM and no one should have access.

Environment

All versions of LEM with Windows Agents

Detail

LEM monitors and acts on events. It is likely that you are receiving Windows event ID 646 or 4742.
In LEM, this is represented as the ProviderSID.

Check the links below for more details:

https://www.ultimatewindowssecurity....px?eventid=646

https://www.ultimatewindowssecurity....x?eventID=4742
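
To triage a batch of these alerts, the following added example (not SolarWinds code) parses the alert text format shown in the Overview and returns the computer account changes that fall outside business hours. The Monday to Friday, 08:00 to 18:00 window, the function names, and every sample line except the first are assumptions made for illustration.

```python
import re
from datetime import datetime, time

# Assumed business hours (not from the article): Mon-Fri, 08:00-18:00 local time.
BUSINESS_DAYS = range(0, 5)          # Monday=0 .. Friday=4
OPEN, CLOSE = time(8, 0), time(18, 0)

# Matches the alert text format shown in the article.
ALERT_RE = re.compile(
    r'computer account "(?P<domain>[^"\\]+)\\(?P<account>[^"]+)" '
    r'changed: "(?P<detail>[^"]*)" at (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})'
)

def parse_alert(line):
    """Return a dict of fields from one alert line, or None if it does not match."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec.pop("ts"), "%Y-%m-%d %H:%M:%S")
    return rec

def is_after_hours(when):
    """True when the timestamp falls outside the assumed business window."""
    if when.weekday() not in BUSINESS_DAYS:
        return True
    return not (OPEN <= when.time() < CLOSE)

def triage(lines):
    """Return (account, timestamp) for every after-hours computer account change."""
    hits = []
    for line in lines:
        rec = parse_alert(line)
        if rec and is_after_hours(rec["when"]):
            hits.append((rec["domain"] + "\\" + rec["account"], rec["when"]))
    return hits

# Constructed sample input; only the first line is the article's own example.
SAMPLE = [
    'computer account "somename-dm\\johnjjj$" changed: "-" at 2016-03-09 01:14:39.0',
    'computer account "somename-dm\\ws-042$" changed: "-" at 2016-03-09 10:30:00.0',
    'computer account "somename-dm\\ws-042$" changed: "-" at 2016-03-12 11:00:00.0',
    'user logon "somename-dm\\alice" at 2016-03-09 02:00:00.0',
]

if __name__ == "__main__":
    for account, when in triage(SAMPLE):
        print(f"after hours: {account} at {when}")
```

The weekday check matters as much as the clock: the third sample line is at 11:00 but on a Saturday, so it is still reported.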

 
