Solved

Windows Event Log Entry for removal of hardware

Posted on 2015-01-28
4
67 Views
Last Modified: 2015-06-30
We had an issue where someone used "Safely Remove Hardware" on a VMWare terminal server, and removed/uninstalled the Network Adapter.
Fixed the problem of Safely Remove Hardware to prevent it from happening again, but I'd like to try to identify who was the initiator of the action.
Is there any way to identify this? It's a cloud/hosted server, so I don't have access to the VMWare logs directly (could probably get to them with the hosting company's assistance), but it's my understanding that the VMWare logs won't have user-specific information, just that the action occurred.
Again, looking for something in Windows, that will tie to a user account.

Windows Server 2008 R2, Active Directory Domain.
0
Comment
Question by:LingerLonger
4 Comments
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40575825
The VMware Logs will not help you, if it was done within the OS.

You will need to look at the Windows OS Event Logs, at login and logout times, at the time of the operation, but difficult if there were many concurrent users logged on.

Do you have Auditing Enabled on the Windows OS Server ?
0
 
LVL 12

Author Comment

by:LingerLonger
ID: 40575837
Some auditing. If there is a specific audit config that would pick up on this item, I would like to know it, so I can see if it was enabled, and if not, enable it.
There were about 20 people logged onto the server a the time, so I'm not expecting to get a straight answer from a user. Not to mention that they probably had no awareness that what they did cause the result it did.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40859140
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Which vmware product do I need. 8 64
AD Account lockout 11 69
Why my host server dont ping gateway ? 6 53
SonicWall blocking access to MS RDP RemoteApp 24 43
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
In this article, I will show you HOW TO: Create your first Windows Virtual Machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, the Windows OS we will install is Windows Server 2016.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question