asked on
Why is "A member was removed from a security-enabled local group." being removed
I am seeing this Security event periodically. It is removing a domain account from the local admin for a specific windows 2008 R2 server.
Some Admin group accounts are being removed and readded programatically.
Some are being removed and not readded. Why is this occuring?
Where do I look?
It is causing my ADRMS services to not work.
A member was removed from a security-enabled local group.
Subject:
Security ID: SYSTEM
Account Name: 0NH1C8P02$
Account Domain: MYCOMPANY
Logon ID: 0x3e7
Member:
Security ID: MYCOMPANY\_adrmsadmin
Account Name: -
Group:
Security ID: BUILTIN\Administrators
Group Name: Administrators
Group Domain: Builtin
Additional Information:
Privileges: -
Some Admin group accounts are being removed and readded programatically.
Some are being removed and not readded. Why is this occuring?
Where do I look?
It is causing my ADRMS services to not work.
A member was removed from a security-enabled local group.
Subject:
Security ID: SYSTEM
Account Name: 0NH1C8P02$
Account Domain: MYCOMPANY
Logon ID: 0x3e7
Member:
Security ID: MYCOMPANY\_adrmsadmin
Account Name: -
Group:
Security ID: BUILTIN\Administrators
Group Name: Administrators
Group Domain: Builtin
Additional Information:
Privileges: -
Windows Server 2008Active Directory
Last Comment
fpstarara