It starts with the event
4720 (account created) and multiple
4732 events (member added to some security-enabled group). This account must be enabled (
4722) before it can be used. You might see 4738 (account was changed) or even
4724 (password reset attempt).
4728- member was added to a security-enabled global group.
4732- member was added to a security-enabled local group.
4756- member was added to a security-enabled universal group.
🐾 account usage 🐾 last time the password was changed
⏰ Only the last login time will be stored in the registry key.