Solved

User Account Privilege Record

Hello all,

I have recently been asked by a friend how I would see a history of privilege changes on a Windows XP user account.
I did not know the answer, and so decided to ask the experts on this forum.

Thanks In Advance,
Dan
8 answers Last reply Best Answer
More about user account privilege record
  1. Why does he want to know? Surely the Administrator of the PC knows what changes he has made to an account. If it's a matter of forensics, someone who had Administrator priviliges would have been able to erase any record of changes, so there is no definitive answer.

    I may be overly suspicious, but this smells like a homework question to me.
  2. All I want to know is whether Windows XP has a record of privilege changes, and if so, can this record be accessed? This is a matter of forensics, because someone changed his user account privileges, and now he has to prove that he didn't do it.
  3. You could check the Windows Security Event Log, but that's about it. Anyone with enough knowledge to change account privileges will have surely had enough sense to erase that.

    I'd have thought the onus was on the accusers to prove that he did change his account, not the other way round.
  4. Assuming the administrator did not delete the log file, where in the file would I find user account privilege changes?

    Thanks
  5. In order to change privileges, would he not have to log into an account with administrative privileges in the first place?
  6. Yes, he would have had to login to an admin account. But the administration is accusing him of making a .bat file run automatically upon admin login. I am trying to prove that his account was changed at a time when he was not on the computers.
  7. Best answer
    You use Event Manager to view the logs. I'm not sure if a non-Administative user can view the Security Log.

    But if it was a .bat file running upon admin logon he wouldn't have to be on the computer at the time, so that proves nothing. On the other hand, he'd have had to already have Admin priviliges to make such a file.
  8. Best answer selected by Lagomorph.
Ask a new question

Read More

Windows XP