How do I find out who changed a password.

Posted on 2007-10-08
Last Modified: 2013-12-04
User Account Changed:
 I have looked in the security event viewer for Eventid 642 and this is the result. The User is NT AUTHORITY\ANONYMOUS LOGON       

Target Account Name:      MyAccount
       Target Domain:      Mydomain
       Target Account ID:      MyDomain\MyAccount
       Caller User Name:      ANONYMOUS LOGON
       Caller Domain:      NT AUTHORITY
       Caller Logon ID:      (0x0,0x376F31CA)
       Privileges:      -
 Changed Attributes:
       Sam Account Name:      -
       Display Name:      -
       User Principal Name:      -
       Home Directory:      -
       Home Drive:      -
       Script Path:      -
       Profile Path:      -
       User Workstations:      -
       Password Last Set:      10/5/2007 12:09:50 PM
       Account Expires:      -
       Primary Group ID:      -
       AllowedToDelegateTo:      -
       Old UAC Value:      -
       New UAC Value:      -
       User Account Control:      -
       User Parameters:      -
       Sid History:      -
       Logon Hours:      -

I am trying to track down either the computer os user who made this change.

Question by:hamiltonitdept
    LVL 3

    Assisted Solution

    Its local user or under some domain\AD?
    Try to check closest Events to check any security changes (user logon\logoff, permisson granted etc)
    maybe it will hopeful:

    Author Comment

    It is a domain user
    LVL 3

    Assisted Solution

    So user change may be performed on client station or on domain controllers itself. So You may need to check security logs also on all domain controllers available.
    LVL 4

    Accepted Solution

    I also think you have to search in the security logs on all domain controllers.

    Get tools here:

    Use eventcombMT.exe to search for security event 642 on all domain controllers.
    Use nltest.exe from Windows Resource Kit tools to get the list of DCs:

    Start - Run - cmd
    nltest /DCLIST:<domainname>

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
    As a Mac user and former AppleCare AHA & Senior Advisor, I'm constantly bombarded with questions about Macs and if they need Antivirus. This short article is my response to those questions.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    25 Experts available now in Live!

    Get 1:1 Help Now