I am having this weird problem where every morning the Domain Users group is automatically added to the Local Power Users on all my terminal servers. Every day I remove the group, but it is added again. While looking at my security events, I discovered these two suspicious entries.

Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 636
Date: 9/9/2007
Time: 6:45:28 AM
User: NT AUTHORITY\SYSTEM
Computer: OEC-TS1
Description:
Security Enabled Local Group Member Added:
Member Name: -
Member ID: OECINC\Domain Users
Target Account Name: Power Users
Target Domain: Builtin
Target Account ID: BUILTIN\Power Users
Caller User Name: OEC-TS1$
Caller Domain: OECINC
Caller Logon ID: (0x0,0x3E7)
Privileges: -

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 576
Date: 9/9/2007
Time: 6:45:27 AM
User: NT AUTHORITY\SYSTEM
Computer: OEC-TS1
Description:
Special privileges assigned to new logon:
User Name: OEC-TS1$
Domain: OECINC
Logon ID: (0x0,0x4C9953)
Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege

I really don’t want my users to be power users under this terminal server environment. Any help here will be really appreciated, since I am losing my mind on this one. I have done research on this and found nothing so far.

