System Security Access Removed from Account

The following queries will list security access that was removed from an account in a Windows environment. Queries look different depending on which version of Windows you are running as the syntax and the EventID’s changed after 2003. Windows Server 2008 and newer:

Windows Server 2003 and older:

Continue Reading →