Checking user added and removed from administrator group in windows

Hi,
I'm looking for method that we can trace previous removed and added user in windows administrator group, will this be possible to trace?
motioneyeAsked:
Who is Participating?
 
Dmitriy IlyinConnect With a Mentor senior system administratorCommented:
Easy way to monitor this with mail.
all you needed it's
1. PowerShell - http://www.microsoft.com/windowsserver2003/technologies/management/powershell/default.mspx
2. Powershell extension - http://www.quest.com/activeroles-server/arms.aspx
3. Script
4. Sheduled task.

Script you can find below.
Get-QADGroupMember -Identity "Domain admins" | FT Name > C:\members.txt
 
###change the mail message values in this section
$FromAddress = "Administrator@**.**"
$ToAddress = "D.Ilyin@**.**"
$MessageSubject = "Group Membership Report"
$MessageBody = "Attached is the current list of mailbox sizes."
$SendingServer = "srvex1.**.**"
 
###Create the mail message and add the text file as an attachment
$SMTPMessage = New-Object System.Net.Mail.MailMessage $FromAddress, $ToAddress, $MessageSubject, $MessageBody
$Attachment = New-Object Net.Mail.Attachment("c:\members.txt")
Start-Sleep -s 5
$SMTPMessage.Attachments.Add($Attachment)
 
###Send the message
$SMTPClient = New-Object System.Net.Mail.SMTPClient $SendingServer
$SMTPClient.Send($SMTPMessage)

Open in new window

0
 
Rob StoneCommented:
You might want to look into the windows auditing features.

Depending on what level you are looking at you will need some extensive space for log files though.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.