Solved

Track Add/Remove on Local Administrators Group on Windows Servers

Posted on 2014-01-27
5
2,548 Views
Last Modified: 2016-01-25
Hello,

We constantly get complaints from application owners that certain domain account/groups are either added or removed from the Local Administrator groups on their servers.  Is there any way to capture an event like this in the event log?  If not, does anyone know of a tool in the community that can help with this issue?  Thanks.
0
Comment
Question by:Techop09
  • 2
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
RAdministrator earned 400 total points
ID: 39812731
0
 

Author Comment

by:Techop09
ID: 39813110
Thanks, but I'm not looking to audit AD groups.  I'm looking to audit the Local Administrators group on a particular server, or group of servers.  Any ideas on how to do that?
0
 
LVL 5

Expert Comment

by:RAdministrator
ID: 39813519
Not sure if this will help you out, as it is a static tool that just queries the local admins group, but you could write a script to run it once a day or so, and export group membership to a file.

http://www.cjwdev.co.uk/Software/GetLocalAdminsGUI/Info.html

Tested, does what it says.

P.S. If your server installation is in a language other than English, the local admins group may be named in the installation language (e.g. in French it's "Administrateurs") Make sure to change the default group name in the Options.
0
 

Expert Comment

by:vibhuti dhiman
ID: 41431569
Hi,
Is there a way to determine who made the change ? Like addition/removal to the local admin group of the server ? event IDS - 636,637 seem to audit active directory group changes not local group changes..
0
 

Expert Comment

by:vibhuti dhiman
ID: 41431582
Never mind , i got it , thanks ! Event Ids - 4732 and 4733
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now