Information: Forum is in read-only mode
For details and other support options see https://www.adiscon.com/news/support-forum-set-to-read-only-mode/

Domain Users added to local Power Users

Discussions on Microsoft's new server operating system. This works in conjunction with the http://www.windows-expert.net web pages.

Moderator: alorbach

Google Ads


Domain Users added to local Power Users

Postby crunchynet » Mon Sep 10, 2007 2:54 pm

I am having this weird problem, where every morning the Domain Users group is automatically added to the Local Power Users in all my terminal servers. Every day I will remove the group, but is added again. While looking at my security events discovered these two suspicious entries.

Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 636
Date: 9/9/2007
Time: 6:45:28 AM
User: NT AUTHORITY\SYSTEM
Computer: OEC-TS1
Description:
Security Enabled Local Group Member Added:
Member Name: -
Member ID: OECINC\Domain Users
Target Account Name: Power Users
Target Domain: Builtin
Target Account ID: BUILTIN\Power Users
Caller User Name: OEC-TS1$
Caller Domain: OECINC
Caller Logon ID: (0x0,0x3E7)
Privileges: -



Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 576
Date: 9/9/2007
Time: 6:45:27 AM
User: NT AUTHORITY\SYSTEM
Computer: OEC-TS1
Description:
Special privileges assigned to new logon:
User Name: OEC-TS1$
Domain: OECINC
Logon ID: (0x0,0x4C9953)
Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege

I really don’t want my users to be power users under this terminal server environment. Any help here will be really appreciated, since I am losing my mind on this one. I have done research on this and found nothing so far.
crunchynet
New
 
Posts: 1
Joined: Mon Sep 10, 2007 1:30 pm

Google Ads


Return to Windows Server 2003

Who is online

Users browsing this forum: No registered users and 0 guests

cron