How to check which user has changes the local account password policy

search cancel

How to check which user has changes the local account password policy

book

Article ID: 425369

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

For audit purposes need to find which user has modified the password policy on the vCenter server.

Environment

VMware vCenter 7.x

VMware vCenter 8.x

Resolution

To check which user has initiated a local password policy change you can run the below command on the vCenter:

less /var/log/vmware/sso/ssoAdminServer.log | grep " Updating local password policy"

YYYY-MM-DDTHH:MM:SS.XX INFO ssoAdminServer[98:pool-2-thread-2] [OpId=XXXX] [com.vmware.identity.admin.vlsi.PasswordPolicyServiceImpl] [User {Name: <User_Name>, Domain: <Domain>} with role '<User_Role>'] Updating local password policy

To check the changed values you can run the below:

/var/log/vmware/vmdird/vmdird.log | grep -i "vmwPassword"

Additional Information

For details on other vCenter logs refer:

Location of vCenter Server log files

Feedback

thumb_up Yes

thumb_down No