Audit Account Management ? do you have any infomation about Account Management Training ?
I have a question regarding Audit Account Management logging on a server. A
Local Group on Sql server had a domain user in the group removed, atleast
thats what one of the developer is claiming.
The Audit Account Management on the server is enabled of success & failure.
I checked the event id: 637 & nothing was found for that userid. I also
looked for all the ids listed in following doc:
http://technet2.microsoft.com/WindowsServer/en/library/42c66475-3346-....
Is it possible for a user to bypass Account Management logging or delete
single instance in the event viewer? Is their another audit policy besides
account management, that logs when a user was removed from a group or
groupmembership changed?
anyway, do you have any infomation about Account Management Training ? i want improve myseft
-Did you audit account management on domain level or on the local server? If
you audited on domain level, the local group change on the server will not
have been audited...
It is not possible to delete just one event from the event viewer. If the
security log is cleared, this is also logged in the security log.
-Account Management is enabled in both areas domain & on local server. I
checked the event id 636/637 on local server. I am not seeing an instance
when the programmer/developer claimed that the user was removed from the
group or when he added the user back to the local group.