我查看了一些日志,发现对 AD 机器帐户进行了修改。事件 ID 为4742。事件名称为a computer account was changed.。
在日志中,它显示已更改/修改的属性,在这种情况下,它显示更改是对 UAC 值的:
Changed Attributes:
SAM Account Name: -
Display Name: -
User Principal Name: -
Home Directory: -
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: -
Password Last Set: -
Account Expires: -
Primary Group ID: -
AllowedToDelegateTo: -
Old UAC Value: 0x80
New UAC Value: 0x81
User Account Control:
Account Disabled
User Parameters: -
SID History: -
Logon Hours: -
DNS Host Name: -
Service Principal Names: -
如图所示,它将Old_UAC值更改为0x81。问题是,在Microsoft 文档,仅定义了0x80:
ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
Value: 0x80
The user can send an encrypted password.
我找不到任何参考资料0x81。有人能解释一下吗?
答案1
UserAccountControl 是一个位标志属性。
0x81 包括:
ADS_UF_SCRIPT
ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED