| Event Id | 628 |
| Source | Security |
| Description | User Account password set: Target Account Name: <Target Account Name> Target Domain: <Target Domain> Target Account ID: <Target Account ID> Caller User Name: <Caller User Name> Caller Domain: <Caller Domain> Caller Logon ID: <Caller Logon ID> |
| Event Information | According to Microsoft: Cause : The user account password was reset by another user who has permission to do so. The user who reset the password did not have to supply the old password. a)The Caller User Name field specifies the person who reset the password. b)The Target Account Name field specifies the person whose password was reset. Resolution : No user action is required. --------------------------------------------------------------------------------------------- Cause : This event indicates that the password for the specified user account (Target Account) was reset. The password of a user object can be reset only by someone who was granted the Reset Password right by the ACL on the user object, or who is a member of one of the following groups: Administrators, Account Operators, Domain Administrators, or Enterprise Administrators. This event might indicate that someone is trying to make changes without the appropriate permissions. |
| Reference Links | Event ID 628 from Source security |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.