Re: Audit shutdown
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 23 Mar 2006 11:49:46 -0600
If you have not done so yet try auditing privilege use for success and then
look for privilege use for shut down the system event [SeShutdownPrivilege
for event 577 maybe] at the time that the operating system shuts down. Also
look for type 3 logons at a time just before the operating system shuts
down. It could also be a hardware or line voltage problem or the operating
system could be configured to reboot at system failure though you can
configure that an events be written to the system log when that happens in
system properties/advanced - startup and recovery. --- Steve
"TIwang" <TIwang@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:802CC6CD-FCFC-4FB9-862B-E7FEEB5972E3@xxxxxxxxxxxxxxxx
hi out there
We have a windows 2000 sp4 server which from time to time is being
rebooted
- I wan't to track who or what is rebooting the server. I have tried to
enable auditing on several objects and events which I expect could give me
the right information - but until now without succes - how do I enable
auditing for shutdown and which event do I need to look for ?
best regards /thomas iwang
.
- Prev by Date: Re: Problem with Volume Shadow Copies
- Next by Date: Backing up
- Previous by thread: Re: Problem with Volume Shadow Copies
- Next by thread: Backing up
- Index(es):
Relevant Pages
|
|
