?
Solved

Track Add/Remove on Local Administrators Group on Windows Servers

Posted on 2014-01-27
5
Medium Priority
?
3,399 Views
Last Modified: 2016-01-25
Hello,

We constantly get complaints from application owners that certain domain account/groups are either added or removed from the Local Administrator groups on their servers.  Is there any way to capture an event like this in the event log?  If not, does anyone know of a tool in the community that can help with this issue?  Thanks.
0
Comment
Question by:Techop09
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
RAdministrator earned 1600 total points
ID: 39812731
0
 

Author Comment

by:Techop09
ID: 39813110
Thanks, but I'm not looking to audit AD groups.  I'm looking to audit the Local Administrators group on a particular server, or group of servers.  Any ideas on how to do that?
0
 
LVL 5

Expert Comment

by:RAdministrator
ID: 39813519
Not sure if this will help you out, as it is a static tool that just queries the local admins group, but you could write a script to run it once a day or so, and export group membership to a file.

http://www.cjwdev.co.uk/Software/GetLocalAdminsGUI/Info.html

Tested, does what it says.

P.S. If your server installation is in a language other than English, the local admins group may be named in the installation language (e.g. in French it's "Administrateurs") Make sure to change the default group name in the Options.
0
 

Expert Comment

by:vibhuti dhiman
ID: 41431569
Hi,
Is there a way to determine who made the change ? Like addition/removal to the local admin group of the server ? event IDS - 636,637 seem to audit active directory group changes not local group changes..
0
 

Expert Comment

by:vibhuti dhiman
ID: 41431582
Never mind , i got it , thanks ! Event Ids - 4732 and 4733
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question