Event Message:
Security Enabled Global Group Member Added:%n\r\n%tMember Name:%t%1%n\r\n%tMember ID:%t%2%n\r\n%tTarget Account Name:%t%3%n\r\n%tTarget Domain:%t%4%n\r\n%tTarget Account ID:%t%5%n\r\n%tCaller User Name:%t%6%n\r\n%tCaller Domain:%t%7%n\r\n%tCaller Logon ID:%t%8%n\r\n%tPrivileges:%t%9%n\r\n
Source |
Event Log |
Event ID |
Event Type |
|---|---|---|---|
Security |
Security |
632 |
Success Audit |
Explanation:
This audit record indicates that a new member has been added to a global group. This event also occurs when a user account is created and added to the built-in None group used internally by Windows 2000. There is no Failure Audit form of this audit event record. Adding members to groups can have security implications. This is especially true when a user is added to the Administrator group.
User Action:
Check to see who is being added to groups that have security implications. Make sure that users added to security-sensitive groups really belong in the group.