4 Replies Latest reply on Jul 17, 2017 3:43 PM by philcosta

    monitor password changes

    ravenkind

      I have enabled the right policies in AD now, and I'm starting to see these events hit the LEM:

       

      Event Name: UserModifyAttribute

      EventInfo: Password Change "domain\username" Success

       

      Event Name: UserModifyAttribute

      EventInfo: Password Change "domain\username" Failed

       

      What I would like to do is alert on these.  Is there a rule already set up that would fire an email? If so, I have been unable to locate it.

      Under Rule Categories & Tags > Change Management > User Changes

      I do not see anything that falls into the "User changed password" category

       

      Is this where I would need to first build an email template, then build a rule?

       

      My endgame here is similar to where web sites will fire an email alert to a user when a password is changed.

      You know, like "A password change has been detected. If this was you please ignore this email. If you did not make this change please contact us."

       

      I would like to verify with my users that they are indeed the ones initiating the change