Event Message:

Security Enabled Local Group Member Added: Member Name: name Member ID: number Target Account Name: account Target Domain: name Target Account ID: number Caller User Name: user name Caller Domain: name Caller Logon ID: number Privileges: text

Explanation:

This audit record indicates that a new member has been added to a local group. This event also occurs when a user account is created and added to the built-in None group used internally by Windows 2000. There is no Failure Audit form of this audit event record. Adding members to groups can have security implications. This is especially true when a user is added to the Administrator group.

User Action:

The person with administrative rights for the computer should check to see who is being added to groups that have security implications. Make sure that users added to security sensitive groups really belong in the group.