?
Solved

Checking user added and removed from administrator group in windows

Posted on 2009-05-14
2
Medium Priority
?
275 Views
Last Modified: 2012-05-07
Hi,
I'm looking for method that we can trace previous removed and added user in windows administrator group, will this be possible to trace?
0
Comment
Question by:motioneye
2 Comments
 
LVL 15

Expert Comment

by:Rob Stone
ID: 24393636
You might want to look into the windows auditing features.

Depending on what level you are looking at you will need some extensive space for log files though.
0
 
LVL 11

Accepted Solution

by:
Dmitriy Ilyin earned 1500 total points
ID: 24393639
Easy way to monitor this with mail.
all you needed it's
1. PowerShell - http://www.microsoft.com/windowsserver2003/technologies/management/powershell/default.mspx
2. Powershell extension - http://www.quest.com/activeroles-server/arms.aspx
3. Script
4. Sheduled task.

Script you can find below.
Get-QADGroupMember -Identity "Domain admins" | FT Name > C:\members.txt
 
###change the mail message values in this section
$FromAddress = "Administrator@**.**"
$ToAddress = "D.Ilyin@**.**"
$MessageSubject = "Group Membership Report"
$MessageBody = "Attached is the current list of mailbox sizes."
$SendingServer = "srvex1.**.**"
 
###Create the mail message and add the text file as an attachment
$SMTPMessage = New-Object System.Net.Mail.MailMessage $FromAddress, $ToAddress, $MessageSubject, $MessageBody
$Attachment = New-Object Net.Mail.Attachment("c:\members.txt")
Start-Sleep -s 5
$SMTPMessage.Attachments.Add($Attachment)
 
###Send the message
$SMTPClient = New-Object System.Net.Mail.SMTPClient $SendingServer
$SMTPClient.Send($SMTPMessage)

Open in new window

0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question