Solved

windows 2008 event id database

Posted on 2011-02-16
8
474 Views
Last Modified: 2012-05-11
when you do not know an event id but have an understanding of what you want to look for, is there a database where you can search by keyword - for example "remove user from group"- find it from the list, get the event id and then look in event viewer for that event id?

thanks
0
Comment
Question by:anushahanna
  • 4
  • 4
8 Comments
 
LVL 43

Expert Comment

by:Amit
ID: 34909547
Best site is http://www.eventid.net/

Try this way while searching in google, this way you can drill down into the site

sites:http://www.eventid.net put your description
sites:http://www.microsoft.com exchange
0
 
LVL 6

Author Comment

by:anushahanna
ID: 34909985
http://www.eventid.net to search by description is asking for membership.

trying
sites:http://www.eventid.net remove user from group
did not bring anything quickly or easily.

any other options?
0
 
LVL 43

Expert Comment

by:Amit
ID: 34910098
Search on google.
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 
LVL 6

Author Comment

by:anushahanna
ID: 34910499
I am trying..

compared to "remove user from group"
what are other appropriate words to search by?
0
 
LVL 43

Expert Comment

by:Amit
ID: 34910893
Try like

how to remove user from group active directory

what are you really trying to find. I can help you fast
0
 
LVL 6

Author Comment

by:anushahanna
ID: 34916760
thanks Amit-

someone removed domain users from Admin group- just need to check the audit on that- when it was done.
0
 
LVL 43

Accepted Solution

by:
Amit earned 500 total points
ID: 34917677
In order to trace that, first you need to enable the Auditing settings. Goto>Default Domain Controller policy and see what is enabled. Attaching screenshot.

Then goto to security logs and trace for event id

609 -  User Right Removed  

Here is the site which you are searching
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j

I hope you have all your answer now
audit.bmp
0
 
LVL 6

Author Comment

by:anushahanna
ID: 34919078
very very good - thanks.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question