Return
-
Title
Service Monitoring events do not contain the "WHO" information for Windows 2008\R2 servers -
Description
Service Monitoring events do not capture the "WHO" information from Windows 2008\R2 servers. Only Windows 2003 capture this information.
-
Cause
This is a product limitation currently as Windows 2008\R2 System logs do not display the user information in the EventID 7036. Windows 2003 has EventID 7035 which contains the Initiator information.
-
Resolution
WORKAROUND:
None.
STATUS:
Issue is resolved in ChangeAuditor version 5.7+.
-
Defect ID
TF00162401 -
Additional Information
For Service Monitoring we cannot capture "Origin" information when services are stopped\started remotely. This is a product limitation as the System event logs do not contain any information pertaining to the location where the change occurred from.