Solved

how can i know which user turned off the server

Posted on 2011-03-01
4
233 Views
Last Modified: 2012-05-11
hi  
how can i know which user turned off the server
its a windows server 2003.
i would like to know if there is a way to know how turned the server off .
there are some mondays that i see the server off  and i think its someone who its turning it off.
i just enabled the remove and prevent access to shutdown command on the Group Policy.


thanks
0
Comment
Question by:lejarza
  • 2
4 Comments
 
LVL 22

Expert Comment

by:BitsBytesandMore
ID: 35010683
There are several ways to turn off a server. You would need to address each one of these ways:

1. Physical Access: install a camera or limit the physical access to the server (this is something I can imagine you've done already).
2. Disable the ability of anyone else to log on to the server other than the administrators.
3. Make sure you are not having your UPS somehow mis-configured and shutting it down automatically or that you are not having a power related issue that outlasts the capacity of the UPS to keep the server going.

Give me more feedback, since otherwise, we could end up writing a book about the zillion possibilities.

Bits .....
0
 
LVL 11

Expert Comment

by:TheGorby
ID: 35010721
In the security event log for that server, look for event ID 1074 with a source of USER32. This will tell you who started the shutdown/restart
0
 
LVL 9

Accepted Solution

by:
blakogre earned 500 total points
ID: 35010874
On Win2k3, you can check \WINDOWS\system32\LogFiles\Shutdown

You can also check the System Event Log for Event ID 1074, which includes the username.

Obviously, if someone is just hitting the power button, that won't help.
0
 
LVL 9

Expert Comment

by:blakogre
ID: 35010881
Like TheGorby said!  I was a slower typer interrupted by a phone call. :-)
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question