Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

Home > Success Center > Log & Event Manager (LEM) > LEM Event computer account " " changed after hours

LEM Event computer account " " changed after hours

Table of contents
Created by Craig O’ Neill, last modified by MindTouch on Jun 23, 2016

Views: 10 Votes: 1 Revisions: 4

Overview

This article provides information about the LEM Event computer account changing after hours. 

Using the default alerts, you get some alerts on out of business hours such as:

computer account "somename-dm\johnjjj$" changed: "-" at 2016-03-09 01:14:39.0

 

What changed in this example?

The business isn't open at 1AM and no one should have access.

Environment

All versions of LEM with Windows Agents

Detail

LEM monitors and acts on Events. It is likely that you are receiving a Windows eventid=646 or 4742.
In LEM, this is represented as the ProviderSID.

 

Check the link below for more details:

https://www.ultimatewindowssecurity....px?eventid=646

https://www.ultimatewindowssecurity....x?eventID=4742

 

Last modified
20:13, 22 Jun 2016

Tags

Classifications

Public