?
Solved

Track Add/Remove on Local Administrators Group on Windows Servers

Posted on 2014-01-27
5
Medium Priority
?
3,908 Views
Last Modified: 2016-01-25
Hello,

We constantly get complaints from application owners that certain domain account/groups are either added or removed from the Local Administrator groups on their servers.  Is there any way to capture an event like this in the event log?  If not, does anyone know of a tool in the community that can help with this issue?  Thanks.
0
Comment
Question by:Techop09
  • 2
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
RAdministrator earned 1600 total points
ID: 39812731
0
 

Author Comment

by:Techop09
ID: 39813110
Thanks, but I'm not looking to audit AD groups.  I'm looking to audit the Local Administrators group on a particular server, or group of servers.  Any ideas on how to do that?
0
 
LVL 5

Expert Comment

by:RAdministrator
ID: 39813519
Not sure if this will help you out, as it is a static tool that just queries the local admins group, but you could write a script to run it once a day or so, and export group membership to a file.

http://www.cjwdev.co.uk/Software/GetLocalAdminsGUI/Info.html

Tested, does what it says.

P.S. If your server installation is in a language other than English, the local admins group may be named in the installation language (e.g. in French it's "Administrateurs") Make sure to change the default group name in the Options.
0
 

Expert Comment

by:vibhuti dhiman
ID: 41431569
Hi,
Is there a way to determine who made the change ? Like addition/removal to the local admin group of the server ? event IDS - 636,637 seem to audit active directory group changes not local group changes..
0
 

Expert Comment

by:vibhuti dhiman
ID: 41431582
Never mind , i got it , thanks ! Event Ids - 4732 and 4733
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question