How to Audit User Password Changes

Active Directory
Password Changes
User Password Changes
Copy Article URL Copied


User Password Changes are not appearing in Search or Report results.


By default User Password Change auditing is disabled.


This functionality can be easily enabled by navigating to the following file location:

“C:\Program Files (x86)\Netwrix Auditor\Active Directory Auditing\omitproplist.txt”

Open the “omitproplist.txt” and find the entry of *.PasswordChanged and comment it out with a pound/hash sign (#), like so #*.PasswordChanged

When you save the omit list, you will need to have either opened Notepad as Admin or choose to save the file to the desktop and then drop/replace as admin, otherwise you will receive an “Access is Denied” when trying to save the file.

All future User Password Changes will now be audited by Netwrix Auditor.

Go Up