How to Audit User Password Changes

Active Directory
Reporting
Password Changes
User Password Changes
https://kb.netwrix.com/4721
Copy Article URL Copied

Scenario

User Password Changes are not appearing in Search or Report results.

Cause

By default User Password Change auditing is disabled.

Solution

This functionality can be easily enabled by navigating to the following file location:

“C:\Program Files (x86)\Netwrix Auditor\Active Directory Auditing\omitproplist.txt”

Open the “omitproplist.txt” and find the entry of *.PasswordChanged and comment it out with a pound/hash sign (#), like so #*.PasswordChanged

When you save the omit list, you will need to have either opened Notepad as Admin or choose to save the file to the desktop and then drop/replace as admin, otherwise you will receive an “Access is Denied” when trying to save the file.

All future User Password Changes will now be audited by Netwrix Auditor.

Go Up