Our customer has a security issue now: some users have had their passwords reset by the SYSTEM account, as shown below:
Log Name: Security
Date: 7/23/2013 10:02:48 PM
Event ID: 4724
Task Category: User Account Management
Keywords: Audit Success
An attempt was made to reset an account's password.
This log is from the Domain Controller (DC-01).
It repeated for two days, about ten accounts each day.
I tried to troubleshoot this issue but I don't know why or who did it.
I scanned for viruses but did not find anything.
Thank you all.
Thanks for posting in Microsoft TechNet forums.
Do you have FIM installed? If this is the case, the issue can be related to the password reset feature.
No, I don't have FIM. Do you have any other suggestions?
It had not happened for two days, but today it came back again.
Users complain a lot because their passwords have been changed without notice :(
Please help me!!!
P.S.: Can you show me how to check whether FIM is installed in this organization? Like showing the port it uses to connect to the AD server, or something else. Thank you.
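
An added example, not part of the thread: one way to triage the 4724 events discussed above is to pull the Subject and Target fields out of each event's XML and group the resets by who performed them. The helper name `ConvertFrom-Event4724` is hypothetical and the sample event is constructed; the `Data` field names are those of event 4724.

```powershell
# Constructed sample: one 4724 event as XML (all values made up for illustration).
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4724</EventID>
    <TimeCreated SystemTime="2013-07-23T15:02:48.000Z" />
    <Computer>DC-01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">user01</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">DC-01$</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
  </EventData>
</Event>
'@

# Hypothetical helper: flatten a 4724 event's XML into one object per reset.
function ConvertFrom-Event4724 {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $doc = [xml]$Xml
        $f = @{}
        # Index the EventData fields by their Name attribute.
        foreach ($d in $doc.Event.EventData.Data) { $f[$d.GetAttribute('Name')] = $d.InnerText }
        [pscustomobject]@{
            TimeUtc    = ([datetime]$doc.Event.System.TimeCreated.SystemTime).ToUniversalTime()
            LoggedOn   = $doc.Event.System.Computer
            Target     = '{0}\{1}' -f $f.TargetDomainName, $f.TargetUserName
            Subject    = '{0}\{1}' -f $f.SubjectDomainName, $f.SubjectUserName
            SubjectSid = $f.SubjectUserSid
            LogonId    = $f.SubjectLogonId
            # S-1-5-18 is the well-known LocalSystem SID.
            BySystem   = ($f.SubjectUserSid -eq 'S-1-5-18')
        }
    }
}

# Parse the constructed sample.
$sampleXml | ConvertFrom-Event4724 | Format-List

# Against the live Security log on the DC (run elevated), grouped per day and subject:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4724 } |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-Event4724 |
#     Group-Object { $_.TimeUtc.Date }, SubjectSid, LogonId | Sort-Object Count -Descending
```

When `BySystem` is true, the reset was requested by a process running as LocalSystem on the machine that logged the event, so the services and scheduled tasks on that DC are the next thing to inventory.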