• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 410
  • Last Modified:

How to audit service password change?

Have a client with Server 2003, and 2 services run under user who is a domain administrator.  No one logs in as this user.  Occasionally the services stop and when I try to restart them, it can't due to a logon failure.  When I change the password in the service to what it should be, the service can start.

The domain account password isn't being changed in Active Directory, just the service it seems.

What is the best way to audit when a password is changed for a service?
0
CTS-Tech
Asked:
CTS-Tech
  • 3
  • 2
1 Solution
 
McKnifeCommented:
Use auditing on the corresponding registry key for that service below HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services
You will see what process/user did change the info if you log writes.
0
 
CTS-TechAuthor Commented:
Do I do that in the registry?
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
McKnifeCommented:
Yes. Rightclick HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services, choose "permissions" ->advanced ->auditing ->audit writes to that key for the group "everyone". To activate auditing, you need to set also the following:
->secpol.msc ->loc. pol. ->aud. pol. -> audit object access ->set to "enabled". From then on, writes to that key are logged in the security event log which you find after starting eventvwr.exe.
0
 
CTS-TechAuthor Commented:
I found the issue.  Previous IT guy had Group Policy permissions set to only allow certain accounts to login as a service.
0
 
CTS-TechAuthor Commented:
Thanks guys
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now