Solved

how can i know which user turned off the server

Posted on 2011-03-01
4
239 Views
Last Modified: 2012-05-11
hi  
how can i know which user turned off the server
its a windows server 2003.
i would like to know if there is a way to know how turned the server off .
there are some mondays that i see the server off  and i think its someone who its turning it off.
i just enabled the remove and prevent access to shutdown command on the Group Policy.


thanks
0
Comment
Question by:lejarza
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 22

Expert Comment

by:BitsBytesandMore
ID: 35010683
There are several ways to turn off a server. You would need to address each one of these ways:

1. Physical Access: install a camera or limit the physical access to the server (this is something I can imagine you've done already).
2. Disable the ability of anyone else to log on to the server other than the administrators.
3. Make sure you are not having your UPS somehow mis-configured and shutting it down automatically or that you are not having a power related issue that outlasts the capacity of the UPS to keep the server going.

Give me more feedback, since otherwise, we could end up writing a book about the zillion possibilities.

Bits .....
0
 
LVL 11

Expert Comment

by:TheGorby
ID: 35010721
In the security event log for that server, look for event ID 1074 with a source of USER32. This will tell you who started the shutdown/restart
0
 
LVL 9

Accepted Solution

by:
blakogre earned 500 total points
ID: 35010874
On Win2k3, you can check \WINDOWS\system32\LogFiles\Shutdown

You can also check the System Event Log for Event ID 1074, which includes the username.

Obviously, if someone is just hitting the power button, that won't help.
0
 
LVL 9

Expert Comment

by:blakogre
ID: 35010881
Like TheGorby said!  I was a slower typer interrupted by a phone call. :-)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question