Solved

how can i know which user turned off the server

Posted on 2011-03-01
4
242 Views
Last Modified: 2012-05-11
hi  
how can i know which user turned off the server
its a windows server 2003.
i would like to know if there is a way to know how turned the server off .
there are some mondays that i see the server off  and i think its someone who its turning it off.
i just enabled the remove and prevent access to shutdown command on the Group Policy.


thanks
0
Comment
Question by:lejarza
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 22

Expert Comment

by:BitsBytesandMore
ID: 35010683
There are several ways to turn off a server. You would need to address each one of these ways:

1. Physical Access: install a camera or limit the physical access to the server (this is something I can imagine you've done already).
2. Disable the ability of anyone else to log on to the server other than the administrators.
3. Make sure you are not having your UPS somehow mis-configured and shutting it down automatically or that you are not having a power related issue that outlasts the capacity of the UPS to keep the server going.

Give me more feedback, since otherwise, we could end up writing a book about the zillion possibilities.

Bits .....
0
 
LVL 11

Expert Comment

by:TheGorby
ID: 35010721
In the security event log for that server, look for event ID 1074 with a source of USER32. This will tell you who started the shutdown/restart
0
 
LVL 9

Accepted Solution

by:
blakogre earned 500 total points
ID: 35010874
On Win2k3, you can check \WINDOWS\system32\LogFiles\Shutdown

You can also check the System Event Log for Event ID 1074, which includes the username.

Obviously, if someone is just hitting the power button, that won't help.
0
 
LVL 9

Expert Comment

by:blakogre
ID: 35010881
Like TheGorby said!  I was a slower typer interrupted by a phone call. :-)
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question