Solved

windows 2008 event id database

Posted on 2011-02-16
8
470 Views
Last Modified: 2012-05-11
when you do not know an event id but have an understanding of what you want to look for, is there a database where you can search by keyword - for example "remove user from group"- find it from the list, get the event id and then look in event viewer for that event id?

thanks
0
Comment
Question by:anushahanna
  • 4
  • 4
8 Comments
 
LVL 42

Expert Comment

by:Amit
ID: 34909547
Best site is http://www.eventid.net/

Try this way while searching in google, this way you can drill down into the site

sites:http://www.eventid.net put your description
sites:http://www.microsoft.com exchange
0
 
LVL 6

Author Comment

by:anushahanna
ID: 34909985
http://www.eventid.net to search by description is asking for membership.

trying
sites:http://www.eventid.net remove user from group
did not bring anything quickly or easily.

any other options?
0
 
LVL 42

Expert Comment

by:Amit
ID: 34910098
Search on google.
0
 
LVL 6

Author Comment

by:anushahanna
ID: 34910499
I am trying..

compared to "remove user from group"
what are other appropriate words to search by?
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 42

Expert Comment

by:Amit
ID: 34910893
Try like

how to remove user from group active directory

what are you really trying to find. I can help you fast
0
 
LVL 6

Author Comment

by:anushahanna
ID: 34916760
thanks Amit-

someone removed domain users from Admin group- just need to check the audit on that- when it was done.
0
 
LVL 42

Accepted Solution

by:
Amit earned 500 total points
ID: 34917677
In order to trace that, first you need to enable the Auditing settings. Goto>Default Domain Controller policy and see what is enabled. Attaching screenshot.

Then goto to security logs and trace for event id

609 -  User Right Removed  

Here is the site which you are searching
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j

I hope you have all your answer now
audit.bmp
0
 
LVL 6

Author Comment

by:anushahanna
ID: 34919078
very very good - thanks.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now