Details | |
Product: | Windows Operating System |
Event ID: | 637 |
Source: | Security |
Version: | 5.0 |
Component: | Security Event Log |
Symbolic Name: | SE_AUDITID_LOCAL_GROUP_REM |
Message: | Security Enabled Local Group Member Removed: Member Name: %1 Member ID: %2 Target Account Name: %3 Target Domain: %4 Target Account ID: %5 Caller User Name: %6 Caller Domain: %7 Caller Logon ID: %8 Privileges: %9 |
Explanation | |
A user or group account was removed from a local security group on the computer or on the domain.
|
|
User Action | |
Confirm that the group removal operaiton is in compliance with the security policy of your organization. |