Re: User Password Security

On Feb 19, 12:28 pm, "ChuckN" <Ch...@xxxxxxxxxxxxxxxxxxxxxx> wrote:
We have a W2K3 Enterprise server as our DC.  In event viewer, I noticed
several similar events under security that I don't understand.

With event ID 646, a Computer Account Change is announced.  Based on the
time stamp, it indicates that the User Password was Last Set at the same
time as the event.  The User is listed as NT AUTHORITY\ANONYMOUS LOGON.
Under the description, an internal target account is listed.

I assume this is an automatic activity since it is not being initiated by
anyone.  Initially, I thought it might be someone getting into our system
and somehow accessing or changing passwords.  That does not seem to be the
case.

Any info would be appreciated.

I'd like to know some info about this event as well. I've done some
reading about this and from what I gather it is a normal occurance for
the machine passwords to be changed by AD. One person posted that it
happens every 30 days although I can't verify this. Any additional
info is GREATLY appreciated!!!!
.