question

JC34209324-2760 avatar image
0 Votes"
JC34209324-2760 asked LimitlessTechnology-2700 answered

User Added to Security-Enabled Group During Windows Updates

Hello, I've upgraded the OS on two VMs twice; once from Server 2008 to Server 2012 and another from Server 2012 to Server 2016. Following the OS upgrade, I've run Windows Updates to connect to Microsoft to patch the systems. When I've done this, there's an alarm triggered based on the event below.

I've had this happen on both servers during patching after the OS upgrades. Is this normal and what during Windows Updates causes SERVERNAME$ to be added to the local administrators group on the servers? Is there a specific process that performs this?


Application: microsoft-windows-security-auditing

Message: A member was added to a security-enabled local group.

Group Name: administrators

Source User: SERVERNAME$





Thank you!

windows-serverwindows-group-policywindows-server-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello @JC34209324,

No need to be alarmed. This doesn't mean that SERVERNAME$ was added to Administrators group, but instead that SERVERNAME$ was the source that made the change. This is some default behavior in the Security and Audit events. the behavior describes an inconsistency (still not explained) where the SERVERNAME is used instead of USERNAME\USER format.

There is a previous thread that describes this in a different scenario (using Exchange Management Console) but it applies to other aspects of the Event logging.

https://social.technet.microsoft.com/Forums/exchange/en-US/c420673b-2c63-4b46-ac7d-62120f93c96d/exchange-2010-security-events-contain-servername-as-user-only?forum=exchangesvrsecuremessaginglegacy

Hope this resolves your query,
Best regards,



--If the the reply is helpful, please Upvote and Accept as answer--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.