|Product:||Windows Operating System|
|Component:||Security Event Log|
|Message:||Security Enabled Global Group Member Removed: Member Name: %1 Member ID: %2 Target Account Name: %3 Target Domain: %4 Target Account ID: %5 Caller User Name: %6 Caller Domain: %7 Caller Logon ID: %8 Privileges: %9|
This event record indicates that a member has been removed from a global group. This event also occurs when a user account is deleted and removed from the built-in None group used internally by Windows 2000. There is no Failure Audit form of this audit event record.
Removing members from groups can have security implications. This is especially true when a user is removed from the Administrator group.
The person with administrative rights for the computer should check to see who is being removed from groups that have security implications. Make sure that users removed from security sensitive groups really should be removed.