Solved

windows 2008 event id database

Posted on 2011-02-16
Last Modified: 2012-05-11
When you do not know an event ID but have an understanding of what you want to look for, is there a database where you can search by keyword (for example "remove user from group"), find it in the list, get the event ID and then look in Event Viewer for that event ID?

thanks
Question by:anushahanna
8 Comments

Expert Comment

by:Amit
ID: 34909547
Best site is http://www.eventid.net/

Try this way while searching in Google; this way you can drill down into the site:

sites:http://www.eventid.net put your description
sites:http://www.microsoft.com exchange

Author Comment

by:anushahanna
ID: 34909985
http://www.eventid.net to search by description is asking for membership.

trying
sites:http://www.eventid.net remove user from group
did not bring anything quickly or easily.

any other options?

Expert Comment

by:Amit
ID: 34910098
Search on Google.

Author Comment

by:anushahanna
ID: 34910499
I am trying..

compared to "remove user from group"
what are other appropriate words to search by?

Expert Comment

by:Amit
ID: 34910893
Try like

how to remove user from group active directory

What are you really trying to find? I can help you fast.

Author Comment

by:anushahanna
ID: 34916760
thanks Amit-

someone removed domain users from Admin group- just need to check the audit on that- when it was done.

Accepted Solution

by:
Amit earned 500 total points
ID: 34917677
In order to trace that, first you need to enable the auditing settings. Go to > Default Domain Controller policy and see what is enabled. Attaching screenshot.

Then go to the security logs and trace for event ID

609 -  User Right Removed  

Here is the site which you are searching
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j

I hope you have all your answer now
audit.bmp
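
The keyword search the question asks for can also be done on the server itself, because the Security auditing provider publishes its own event descriptions. The PowerShell below is an added example, not part of the original thread; the keyword text and the event data field names (TargetUserName, MemberSid, SubjectUserName, SubjectDomainName) are assumptions for Windows Server 2008 and later, and it needs an elevated session on the machine whose Security log holds the audit records.

```powershell
# Added example (not from the thread). Keyword and field names are assumptions.
$keyword = 'member was removed from a security-enabled'

# 1. Search the Security-Auditing provider's event catalogue by description text.
$provider = Get-WinEvent -ListProvider 'Microsoft-Windows-Security-Auditing'
$hits = $provider.Events |
    Where-Object { $_.Description -match [regex]::Escape($keyword) } |
    Sort-Object Id -Unique |
    Select-Object Id, @{ Name = 'Summary'
                         Expression = { ($_.Description -split "`r?`n")[0] } }

# Show the keyword -> event ID mapping that was found.
$hits | Format-Table -AutoSize -Wrap

$ids = @($hits | ForEach-Object { [int]$_.Id })
if ($ids.Count -eq 0) {
    Write-Warning "No event description matches '$keyword'"
    return
}

# 2. Pull those event IDs from the Security log and extract who, what and when.
#    Nothing is returned if auditing was not enabled when the change was made.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $ids } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Named <Data> elements in the event XML carry the audit fields.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        New-Object PSObject -Property @{
            TimeCreated = $_.TimeCreated
            EventId     = $_.Id
            Group       = $data['TargetUserName']
            MemberSid   = $data['MemberSid']
            ChangedBy   = '{0}\{1}' -f $data['SubjectDomainName'],
                                       $data['SubjectUserName']
        }
    } |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, EventId, Group, MemberSid, ChangedBy -AutoSize
```

Changing `$keyword` to another phrase from an event description reuses the same two steps for other audit questions.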

Author Comment

by:anushahanna
ID: 34919078
very very good - thanks.

Question has a verified solution.
