Security Enabled Global Group Member Removed: Member Name: %1 Member ID: %2 Target Account Name: %3 Target Domain: %4 Target Account ID: %5 Caller User Name: %6 Caller Domain: %7 Caller Logon ID: %8 Privileges: %9

Details
Product: Windows Operating System
Event ID: 633
Source: Security
Version: 5.0
Component: Security Event Log
Symbolic Name: SE_AUDITID_GLOBAL_GROUP_REM
Message: Security Enabled Global Group Member Removed: Member Name: %1 Member ID: %2 Target Account Name: %3 Target Domain: %4 Target Account ID: %5 Caller User Name: %6 Caller Domain: %7 Caller Logon ID: %8 Privileges: %9
   
Explanation

This event record indicates that a member has been removed from a global group. This event also occurs when a user account is deleted and removed from the built-in None group used internally by Windows 2000. There is no Failure Audit form of this audit event record.

Removing members from groups can have security implications. This is especially true when a user is removed from the Administrator group.

   
User Action

The person with administrative rights for the computer should check to see who is being removed from groups that have security implications. Make sure that users removed from security sensitive groups really should be removed.

Related:

Leave a Reply