Win 2003 - Auditing User Accounts - Who added which security group?

By squirrelonfire ·
How to know which administrators added which security group to a certain account?
For example:
Admin A added himself to a VPN group, or asked admin B to add him into the VPN group. Is there a way to find out who added Admin A into the VPN group w/o asking him?
I read about Auditing User Accounts but it only audit who gets what security groups, not who gave the users those groups.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

But first auditing needs to be enabled in AD

by robo_dev In reply to Win 2003 - Auditing User ...

I believe that if auditing is enabled, then you can see those adds/moves/changes in the Security Log.

A reading from the book of Microsoft:

"When you use Windows Server 2003 auditing, you can track both user activities and Windows Server 2003 activities which are named events, on a computer. When you use auditing, you can specify which events are written to the Security log. For example, the Security log can maintain a record of both valid and invalid logon attempts and events that relate to creating, opening, or deleting files or other objects. An audit entry in the Security log contains the following information:

* The action that was performed.
* The user who performed the action.
* The success or failure of the event and the time that the event occurred.

Related Discussions

Related Forums