Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 99
  • Last Modified:

Windows Event Log Entry for removal of hardware

We had an issue where someone used "Safely Remove Hardware" on a VMWare terminal server, and removed/uninstalled the Network Adapter.
Fixed the problem of Safely Remove Hardware to prevent it from happening again, but I'd like to try to identify who was the initiator of the action.
Is there any way to identify this? It's a cloud/hosted server, so I don't have access to the VMWare logs directly (could probably get to them with the hosting company's assistance), but it's my understanding that the VMWare logs won't have user-specific information, just that the action occurred.
Again, looking for something in Windows, that will tie to a user account.

Windows Server 2008 R2, Active Directory Domain.
0
LingerLonger
Asked:
LingerLonger
1 Solution
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
The VMware Logs will not help you, if it was done within the OS.

You will need to look at the Windows OS Event Logs, at login and logout times, at the time of the operation, but difficult if there were many concurrent users logged on.

Do you have Auditing Enabled on the Windows OS Server ?
0
 
LingerLongerAuthor Commented:
Some auditing. If there is a specific audit config that would pick up on this item, I would like to know it, so I can see if it was enabled, and if not, enable it.
There were about 20 people logged onto the server a the time, so I'm not expecting to get a straight answer from a user. Not to mention that they probably had no awareness that what they did cause the result it did.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Tackle projects and never again get stuck behind a technical roadblock.
Join Now