17.2.2 Ensure 'Audit Computer Account Management' is set to 'Success and Failure'

Information

This subcategory reports each event of computer account management, such as when a computer account is created, changed, deleted, renamed, disabled, or enabled.

Events for this subcategory include:

- 4741: A computer account was created.
- 4742: A computer account was changed.
- 4743: A computer account was deleted.

The recommended state for this setting is: 'Success and Failure'.

Solution

To establish the recommended configuration via GP, set the following UI path to 'Success and Failure':

Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Management\Audit Computer Account Management
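
To confirm that the policy took effect on a host, the following PowerShell check reads the effective setting with `auditpol` and counts the three event IDs listed above. It is an added example, not part of the benchmark text. The function name, the seven-day window and the use of the subcategory GUID for the lookup are choices made for this example, and it assumes an elevated session on an English-language system.

```powershell
# Added example: verify the effective 'Audit Computer Account Management' setting.
# Run from an elevated PowerShell session.

# GUID of the 'Computer Account Management' subcategory; used for the lookup so the
# query does not depend on the localized display name.
$Guid     = '{0CCE9236-69AE-11D9-BED3-505054503030}'
$Expected = 'Success and Failure'   # assumption: English setting text in auditpol output

function Get-ComputerAccountAuditSetting {
    # /r emits CSV with the columns: Machine Name, Policy Target, Subcategory,
    # Subcategory GUID, Inclusion Setting, Exclusion Setting
    $raw = auditpol.exe /get "/subcategory:$Guid" /r 2>&1
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed: $raw" }
    $row = $raw | Where-Object { $_ } | ConvertFrom-Csv | Select-Object -First 1
    return $row.'Inclusion Setting'
}

$setting = Get-ComputerAccountAuditSetting
if ($setting -eq $Expected) {
    Write-Output "PASS: Audit Computer Account Management = '$setting'"
} else {
    Write-Output "FAIL: found '$setting', expected '$Expected'"
}

# Count the events this subcategory produces (4741 created, 4742 changed, 4743 deleted).
# They are written to the Security log of the domain controller that processed the change.
$filter = @{
    LogName   = 'Security'
    Id        = 4741, 4742, 4743
    StartTime = (Get-Date).AddDays(-7)   # look-back window chosen for this example
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if ($events) {
    $events | Group-Object Id | Select-Object @{n='EventId';e={$_.Name}}, Count
} else {
    Write-Output 'No 4741/4742/4743 events in the last 7 days.'
}
```

A PASS with no events in the look-back window is not a failure by itself: the events appear only when a computer account is actually created, changed or deleted.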

See Also

https://workbench.cisecurity.org/files/1941