An account has been created and added to the local Administrators group on an XP workstation that's a member of a domain. The name of the account is a long string of random small and capital letters like this: wiwr7eyieUEIRU4EYSRI
I see in the Security log when the account was added, then a password added, then added to the local Adminsitrators group, and it all occurred within 1 minute. But is there a way to tell if another local or domain account was used to do the adding, and if so which one? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
