Solved

windows 2008 event id database

Posted on 2011-02-16
8
476 Views
Last Modified: 2012-05-11
when you do not know an event id but have an understanding of what you want to look for, is there a database where you can search by keyword - for example "remove user from group"- find it from the list, get the event id and then look in event viewer for that event id?

thanks
0
Comment
Question by:anushahanna
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 43

Expert Comment

by:Taurus
ID: 34909547
Best site is http://www.eventid.net/

Try this way while searching in google, this way you can drill down into the site

sites:http://www.eventid.net put your description
sites:http://www.microsoft.com exchange
0
 
LVL 6

Author Comment

by:anushahanna
ID: 34909985
http://www.eventid.net to search by description is asking for membership.

trying
sites:http://www.eventid.net remove user from group
did not bring anything quickly or easily.

any other options?
0
 
LVL 43

Expert Comment

by:Taurus
ID: 34910098
Search on google.
0
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

 
LVL 6

Author Comment

by:anushahanna
ID: 34910499
I am trying..

compared to "remove user from group"
what are other appropriate words to search by?
0
 
LVL 43

Expert Comment

by:Taurus
ID: 34910893
Try like

how to remove user from group active directory

what are you really trying to find. I can help you fast
0
 
LVL 6

Author Comment

by:anushahanna
ID: 34916760
thanks Amit-

someone removed domain users from Admin group- just need to check the audit on that- when it was done.
0
 
LVL 43

Accepted Solution

by:
Taurus earned 500 total points
ID: 34917677
In order to trace that, first you need to enable the Auditing settings. Goto>Default Domain Controller policy and see what is enabled. Attaching screenshot.

Then goto to security logs and trace for event id

609 -  User Right Removed  

Here is the site which you are searching
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j

I hope you have all your answer now
audit.bmp
0
 
LVL 6

Author Comment

by:anushahanna
ID: 34919078
very very good - thanks.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question