RE: User creation audit trail

For now we do five servers at our location and use the WAN bridge for
servers at branch offices, totalling eleven servers. I could only
imagine the amount of data from scanning all 200 workstations along with
the severs, which have roughly 9 to 10 thousand entries per 4 hour
window.

-----Original Message-----
From: Patrick Fennessey [mailto:Patrick.Fennessey@xxxxxxxxxxxxxxxxx]
Sent: Thursday, August 24, 2006 10:01 AM
To: Greg Merideth; Lee Clemens; focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: User creation audit trail

Do you use GFI event log watcher for all your workstations? Or just
servers?

-----Original Message-----
From: Greg Merideth [mailto:gmerideth@xxxxxxxxx]
Sent: Wednesday, August 23, 2006 12:47 PM
To: Lee Clemens; focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: User creation audit trail

I believe event ID 645 is the creation of a user account in the domain.
I use the GFI event log watcher and track that event on the network.

-----Original Message-----
From: Lee Clemens [mailto:lee@xxxxxxxxxxxxxx]
Sent: Tuesday, August 22, 2006 9:26 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: User creation audit trail

Hello all,

I am trying to find a way to verify and when and by whom a user was
created on a Domain computer. The account was created on the local
machine, so I'm wondering if it is captured in the event log somewhere.
And perhaps what the event ID is for that, or anywhere else I could find
out??

Thanks in advance,
Lee Clemens



------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _

NOTICE: This email is business confidential. If received in error,
please destroy this email and notify sender immediately. Sender does
not waive confidentiality, or privilege and use is prohibited.



---------------------------------------------------------------------------
---------------------------------------------------------------------------

Relevant Pages

  • RE: User creation audit trail
    ... Subject: User creation audit trail ... I use the GFI event log watcher and track that event on the network. ...
    (Focus-Microsoft)
  • Re: Question on event log errors
    ... Also forgot to mention when these errors occur, often the event log will get ... I have the error message at the ... The hardware of these 2 servers are identical. ...
    (microsoft.public.windows.server.general)
  • RE: XP Browsing issue
    ... I checked event log on server and workstation but there was no entry on ... On the servers, there is no problem browsing the ... The list of servers for this workgroup is not ... I have 'enabled NetBIOS ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cant find DC
    ... PC gets DNS from DHCP; it points to our ISP's DNS servers. ... In the Server System Event Log ... >>I have a network with only one server and about 25 workstations. ...
    (microsoft.public.windows.server.networking)
  • Re: Event ID: 5504
    ... > I've googled and looked up the kb articles on this warning in my ... I don't have forwarding setup on my DNS Servers. ... > event log message. ...
    (microsoft.public.win2000.dns)