Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Track Add/Remove on Local Administrators Group on Windows Servers

Posted on 2014-01-27
5
Medium Priority
?
3,692 Views
Last Modified: 2016-01-25
Hello,

We constantly get complaints from application owners that certain domain account/groups are either added or removed from the Local Administrator groups on their servers.  Is there any way to capture an event like this in the event log?  If not, does anyone know of a tool in the community that can help with this issue?  Thanks.
0
Comment
Question by:Techop09
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
RAdministrator earned 1600 total points
ID: 39812731
0
 

Author Comment

by:Techop09
ID: 39813110
Thanks, but I'm not looking to audit AD groups.  I'm looking to audit the Local Administrators group on a particular server, or group of servers.  Any ideas on how to do that?
0
 
LVL 5

Expert Comment

by:RAdministrator
ID: 39813519
Not sure if this will help you out, as it is a static tool that just queries the local admins group, but you could write a script to run it once a day or so, and export group membership to a file.

http://www.cjwdev.co.uk/Software/GetLocalAdminsGUI/Info.html

Tested, does what it says.

P.S. If your server installation is in a language other than English, the local admins group may be named in the installation language (e.g. in French it's "Administrateurs") Make sure to change the default group name in the Options.
0
 

Expert Comment

by:vibhuti dhiman
ID: 41431569
Hi,
Is there a way to determine who made the change ? Like addition/removal to the local admin group of the server ? event IDS - 636,637 seem to audit active directory group changes not local group changes..
0
 

Expert Comment

by:vibhuti dhiman
ID: 41431582
Never mind , i got it , thanks ! Event Ids - 4732 and 4733
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question