Solved

how can i know which user turned off the server

Posted on 2011-03-01
4
231 Views
Last Modified: 2012-05-11
hi  
how can i know which user turned off the server
its a windows server 2003.
i would like to know if there is a way to know how turned the server off .
there are some mondays that i see the server off  and i think its someone who its turning it off.
i just enabled the remove and prevent access to shutdown command on the Group Policy.


thanks
0
Comment
Question by:lejarza
  • 2
4 Comments
 
LVL 22

Expert Comment

by:BitsBytesandMore
ID: 35010683
There are several ways to turn off a server. You would need to address each one of these ways:

1. Physical Access: install a camera or limit the physical access to the server (this is something I can imagine you've done already).
2. Disable the ability of anyone else to log on to the server other than the administrators.
3. Make sure you are not having your UPS somehow mis-configured and shutting it down automatically or that you are not having a power related issue that outlasts the capacity of the UPS to keep the server going.

Give me more feedback, since otherwise, we could end up writing a book about the zillion possibilities.

Bits .....
0
 
LVL 11

Expert Comment

by:TheGorby
ID: 35010721
In the security event log for that server, look for event ID 1074 with a source of USER32. This will tell you who started the shutdown/restart
0
 
LVL 9

Accepted Solution

by:
blakogre earned 500 total points
ID: 35010874
On Win2k3, you can check \WINDOWS\system32\LogFiles\Shutdown

You can also check the System Event Log for Event ID 1074, which includes the username.

Obviously, if someone is just hitting the power button, that won't help.
0
 
LVL 9

Expert Comment

by:blakogre
ID: 35010881
Like TheGorby said!  I was a slower typer interrupted by a phone call. :-)
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Learn about cloud computing and its benefits for small business owners.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question