There is a user on the network that has been shutting down the server. I have been asked to find out who that user is. Users access the server via PCAnywhere and Terminal Services. How can I log the server activity so that I can report as to which users is initiating the server shutdown.
After this is determined I will define security policy to disable remote shutdown etc.. but for now the admin requires that we report as to whom is shutting down server.