Getting the account management activity is an essential process for auditing purpose. We can check it at the windows event log if the auditing for account management is enabled. To automate this tiresome job, I wrote this powershell script to make life easier.
This script will show you all the changes that admin made to the user/system account, such as the time when the password was reset and who reset the password; who added user to specified group; which attributes of user account was changed. Before running this script, you’ll have to enable auditing of account management to ‘Success’ in local security policy, for the enough of the time so that required events are collected. Don’t worry I have included the user’s option to enable from within this script. Continue reading “Find who reset my password: The Powershell Script to Audit User Accounts Changes”
Skip to content
A Passionated System Admin's Blog
Powershell, Windows Servers, VMware and Scriptings