Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 252
  • Last Modified:

how can i know which user turned off the server

hi  
how can i know which user turned off the server
its a windows server 2003.
i would like to know if there is a way to know how turned the server off .
there are some mondays that i see the server off  and i think its someone who its turning it off.
i just enabled the remove and prevent access to shutdown command on the Group Policy.


thanks
0
lejarza
Asked:
lejarza
  • 2
1 Solution
 
BitsBytesandMoreCommented:
There are several ways to turn off a server. You would need to address each one of these ways:

1. Physical Access: install a camera or limit the physical access to the server (this is something I can imagine you've done already).
2. Disable the ability of anyone else to log on to the server other than the administrators.
3. Make sure you are not having your UPS somehow mis-configured and shutting it down automatically or that you are not having a power related issue that outlasts the capacity of the UPS to keep the server going.

Give me more feedback, since otherwise, we could end up writing a book about the zillion possibilities.

Bits .....
0
 
TheGorbyCommented:
In the security event log for that server, look for event ID 1074 with a source of USER32. This will tell you who started the shutdown/restart
0
 
blakogreCommented:
On Win2k3, you can check \WINDOWS\system32\LogFiles\Shutdown

You can also check the System Event Log for Event ID 1074, which includes the username.

Obviously, if someone is just hitting the power button, that won't help.
0
 
blakogreCommented:
Like TheGorby said!  I was a slower typer interrupted by a phone call. :-)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now