Banks, credit unions, insurance companies,
Service principle name attribute changes are being reported as made by System or by computer account
|The Service Principle Name attribute allows a service on a particular server to be associated with an account responsible for the management of the service, thereby permitting mutual Kerberos authentication. Changes to this attribute are usually being made by the System in response to the operating system changes on a specific computer: For example, installation of operating system updates, computer name changes, installation of SQL Server and others.
The “Who changed” filed for the Service Principle Name attribute changes may contain the following:
Considering the fact that the Service Principle Name attribute is being changed only for system purpose we recommend to exclude this attribute from reporting by adding the *.ServicePrincipleName line into the omitproplist.txt file which is located in the NetWrix Auditor installation directory (by default C:\Program Files (x86)\Netwrix Auditor\Active Directory Auditing\). Please also check the unomitproplist.txt file located in the same directory and remove the *.ServicePrincipleName line.
For more information regarding Service Principle Name attribute and its usage please refer to the following Microsoft KB articles: