Event ID 16983 — The security account manager is now logging periodic summary events for remote clients that call legacy password change or set RPC methods.

Provider: Microsoft-Windows-Directory-Services-SAM
Channel: System
Level: Informational

Description

The security account manager is now logging periodic summary events for remote clients that call legacy password change or set RPC methods.

Message #

The security account manager is now logging periodic summary events for remote clients that call legacy password change or set RPC methods.

For more information please see https://go.microsoft.com/fwlink/?linkid=2150956.

Fields #

Name	Description
`Name`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Directory-Services-SAM",
    "guid": "0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE",
    "event_source_name": "",
    "event_id": 16983,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-06T06:25:28.084211+00:00",
    "event_record_id": 1668,
    "correlation": {
      "ActivityID": "F590C418-1079-0001-5BC5-90F57910DA01"
    },
    "execution": {
      "process_id": 808,
      "thread_id": 812
    },
    "channel": "System",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "SAMMSG_AUDIT_LEGACY_PWD_RPC_METHODS_OFF"
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline