Solved

Checking user added and removed from administrator group in windows

Posted on 2009-05-14
2
262 Views
Last Modified: 2012-05-07
Hi,
I'm looking for method that we can trace previous removed and added user in windows administrator group, will this be possible to trace?
0
Comment
Question by:motioneye
2 Comments
 
LVL 15

Expert Comment

by:Rob Stone
Comment Utility
You might want to look into the windows auditing features.

Depending on what level you are looking at you will need some extensive space for log files though.
0
 
LVL 11

Accepted Solution

by:
Dmitriy Ilyin earned 500 total points
Comment Utility
Easy way to monitor this with mail.
all you needed it's
1. PowerShell - http://www.microsoft.com/windowsserver2003/technologies/management/powershell/default.mspx
2. Powershell extension - http://www.quest.com/activeroles-server/arms.aspx
3. Script
4. Sheduled task.

Script you can find below.
Get-QADGroupMember -Identity "Domain admins" | FT Name > C:\members.txt
 

###change the mail message values in this section

$FromAddress = "Administrator@**.**"

$ToAddress = "D.Ilyin@**.**"

$MessageSubject = "Group Membership Report"

$MessageBody = "Attached is the current list of mailbox sizes."

$SendingServer = "srvex1.**.**"
 

###Create the mail message and add the text file as an attachment

$SMTPMessage = New-Object System.Net.Mail.MailMessage $FromAddress, $ToAddress, $MessageSubject, $MessageBody

$Attachment = New-Object Net.Mail.Attachment("c:\members.txt")

Start-Sleep -s 5

$SMTPMessage.Attachments.Add($Attachment)
 

###Send the message

$SMTPClient = New-Object System.Net.Mail.SMTPClient $SendingServer

$SMTPClient.Send($SMTPMessage)

Open in new window

0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now