|
|
|
Junior Member
 
Group: Forum Members
Last Login: 10/17/2013 10:38:49 AM
Posts: 16,
Visits: 3
|
|
Gentlemen, I would like to raise a question regarding group object change events occurred in the domain which we think is not correct. We received few notifications through a third party application stating that a member '-' was removed from Domain local security group " Administrators " by " Domain controller$ " .Tried to find details in security logs resulted nothing but with the same entries. What would be the cause for this behavior and why would the computer account of the domain controller remove an unknown member from Administrators group. Is this some kind of automation or of any significance. Please help in understanding the above event.
Thanks, Bruce
|
|
|
|
|
Forum Newbie
Group: Forum Members
Last Login: 3/19/2013 11:22:24 PM
Posts: 2,
Visits: 2
|
|
Unexpectedly one of the users from the Remote desktop user rights in windows 2003 server with SP2, but i have verified the security logs from the eventvwr event id:637, there is no activity found it.
Already account management has been enabled for audit success and failure.
Can you share with me, how can i find who has removed? It is bug in windows 2003?
Thanks
Yasir
|
|
|
|
|
Forum Newbie
Group: Forum Members
Last Login: 3/19/2013 11:22:24 PM
Posts: 2,
Visits: 2
|
|
Unexpectedly one of the users has removed from the Remote desktop user rights in windows 2003 server with SP2, but i have verified the security logs from the eventviewer event id:637, there is no activity found it.
Already account management has been enabled for audit success and failure.
Can you share with me, how can i find who has removed? It is bug in windows 2003?
|
|
|
|