Have more details in the logs regarding computer accounts moved/copied/deleted events
When we look at system logs in SEPM 11.0 (Monitors > Logs > Log type: System, Log content: Administrative), we can see traces of computers moved, copied or deleted:
| Time Stamp | Admin Name | Event Type | Domain Name | Server Name | Site Name |
| 01/03/2012 17:30 | MyAdminName | Computer is deleted | MyDomainName | MyServerName | MySiteName |
| 01/03/2012 17:28 | MyAdminName | Computer is moved | MyDomainName | MyServerName | MySiteName |
| 01/03/2012 17:27 | MyAdminName | Computer is copied | MyDomainName | MyServerName | MySiteName |
However, we do not have detailled information regarding group membership.
For instance, in the case of computer moved, it would be very interesting to see from which group to which group.
In the case of copy, it would be interesting to know to which group.
In the case of deletion, it would be interesting to know from which group.
This would allow us to have more relevant information about administrative operations and to identify unexpected/incorrect move/copy/delete actions.
NOTE: this idea can apply to SEPM 12.1 as well (Event Type strings are slightly different - i.e The computer account has been moved to a different group - but still there is no field for group membership).
Comments
Thanks for your suggestion
Hello John, Thanks for your suggestion.
Indeed! Well spotted
Indeed! Well spotted
Agreed. This will definitely
Agreed. This will definitely help us.
good idea, agree!
good idea, agree!
What updates (service packs and hotfixes) are released for Backup Exec 2012 version?
Yes, we want
It's a good idea for our organization !
If Audit logs do not please
If Audit logs do not please the auditors then it becomes a problem.
Vikram Kumar
Symantec Consultant
The most helpful part of entire Symantec connect is the Search button..do use it.
HI John, Good Idea by you and
HI John,
Good Idea by you and we administrator also want this log availability as you mentioned above in any fixes or new version of SEPM.
Regards,
Ajay Kumar Singh (Consultant- Information Security)
SCS(Symantec) | MCSA | ITIL v3 | Security+
Good Idea shared by you.
Good Idea shared by you.
It's a really good idea.
It's a really good idea.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Certifications aren't just
Certifications aren't just eye-candy on your resume. They're proof to both current and prospective clients and employers that you are dedicated to your career in IT.http://www.test-king.com/cert-CCIE.htm Those experienced in IT, know that Information Technology is a continuously changing, fast-paced environment.http://www.test-king.com/cert-MCTS.htm Both new certifications and updates to old ones seem to be released weekly.http://www.test-king.com/cert-MCP.htm If you're new to IT, you may have the know-how, but your certifications are proof of your ability. http://www.test-king.com/cert-CISSP.htm If you are the blazon of I.T. Professional that builds their resume about certifications, you should consistently be acquainted of new ones on the market. http://www.test-king.com/cert-MCSE-2008.htm
The application of 'SEPM
The application of 'SEPM 12.1' is good enough to be informed about the several kinds of aspects of computer! I’m pleased to get the short review of the group via the post. Thanks for inform about it. http://www.jprmarketing.co.uk/internet-marketing-c...
Would you like to reply?
Login or Register to post your comment.