Hello, I've upgraded the OS on two VMs twice; once from Server 2008 to Server 2012 and another from Server 2012 to Server 2016. Following the OS upgrade, I've run Windows Updates to connect to Microsoft to patch the systems. When I've done this, there's an alarm triggered based on the event below.
I've had this happen on both servers during patching after the OS upgrades. Is this normal and what during Windows Updates causes SERVERNAME$ to be added to the local administrators group on the servers? Is there a specific process that performs this?
Message: A member was added to a security-enabled local group.
Group Name: administrators
Source User: SERVERNAME$