<div>
<div class="content wysiwyg-content">
Once a week, usually on the weekend around midnight or so, I have a Windows 2003 server that logs the following events back-to-back-to-back (within span of about 1 minute).<br />
<br />
642 (Success) - User Account Changed<br />
627 (Failure) - Change Password Attempt<br />
644 (Success) - User Account Locked Out<br />
671 (Success) - User Account Unlocked<br />
<br />
The events happen for each local account including Administrator, Guest, IWAM_, IUSR_, SUPPORT_, ASPNET, etc. successively.<br />
<br />
I've checked for any scheduled tasks or other processes that might be firing off and causing this, but can't find any correlation. &nbsp;It doesn't happen at the same time every time. &nbsp;It usually happens over the weekend, but not always.<br />
<br />
Any ideas?
</div>
</div>


Once a week, usually on the weekend around midnight or so, I have a Windows 2003 server that logs the following events back-to-back-to-back (within span of about 1 minute).

642 (Success) - User Account Changed
627 (Failure) - Change Password Attempt
644 (Success) - User Account Locked Out
671 (Success) - User Account Unlocked

The events happen for each local account including Administrator, Guest, IWAM_, IUSR_, SUPPORT_, ASPNET, etc. successively.

I've checked for any scheduled tasks or other processes that might be firing off and causing this, but can't find any correlation.  It doesn't happen at the same time every time.  It usually happens over the weekend, but not always.

Any ideas?

Event ID 642, 627, 644, 671 back-to-back-to-back on local accounts once a week

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).