Windows Server logs deleted - Find user who did it?

Hi
On Tuesday someone happened to overwrite the NTFS permissions on a share on a Windows 2012 file server.
Instead of telling his/her colleagues, "Sorry, I made a mistake", this person logged into the server as local administrator (Windows account) and deleted all logs to cover the mistake up. Thanks for that!
So my question to you is: is there any way to find out who did this, though the logs are deleted? Are there any logs other than the Event Viewer logs to look into?
I could find in the "Applications and Services Logs\Microsoft\Windows\RemoteDesktop" a connection from a computer 2 min before the logs were deleted, and that was from a new computer. This person had it all figured out...
So?
Thanks!

Hi,
Sorry about the confusion.
What I mean is that deleting logs requires administrative privileges. As administrators, we need to be very careful about which user accounts we add to the local Administrators group; only reliable accounts should be added as administrators.
In addition, to get better auditing results, we also need to ensure that one person has (knows the password of) only one user account, so that we can better determine who did what to the Windows system.
Here are some articles regarding auditing for you:
Advanced Security Audit Policy Settings
https://technet.microsoft.com/en-us/library/dn319056.aspx
Advanced Security Auditing FAQ
https://technet.microsoft.com/en-us/library/ff182311%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
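
A starting point for the question asked above, as an added example that is not part of the original thread: clearing a log writes its own event (ID 1102 in Security, ID 104 in System) naming the account that did it, and the Terminal Services operational logs record the client address of each RDP logon. The 10-minute window and all variable names are assumptions, and the script assumes the RDP operational logs were not cleared as well.

```powershell
# Added example (not from the thread). Run elevated on the affected server.
$windowMinutes = 10   # assumption: how far before each clear to look for RDP logons

# 1102 = Security log cleared; 104 = any other log cleared (recorded in System).
# Both are written after the clear, so they survive it and name the account used.
$clearFilters = @(
    @{ LogName = 'Security'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 1102 },
    @{ LogName = 'System';   ProviderName = 'Microsoft-Windows-Eventlog'; Id = 104 }
)
$clears = foreach ($f in $clearFilters) {
    Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue | ForEach-Object {
        $d = ([xml]$_.ToXml()).Event.UserData.LogFileCleared
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Log     = if ($_.Id -eq 1102) { 'Security' } else { $d.Channel }
            Account = '{0}\{1}' -f $d.SubjectDomainName, $d.SubjectUserName
        }
    }
}

# RDP session events carry the client address, which is what separates people
# who share one local Administrator account.
$rdpFilters = @(
    @{ LogName = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'; Id = 21, 25 },
    @{ LogName = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'; Id = 1149 }
)
$rdp = foreach ($f in $rdpFilters) {
    Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue | ForEach-Object {
        $x = ([xml]$_.ToXml()).Event.UserData.EventXML
        [pscustomobject]@{
            Time   = $_.TimeCreated
            User   = if ($_.Id -eq 1149) { '{0}\{1}' -f $x.Param2, $x.Param1 } else { $x.User }
            Source = if ($_.Id -eq 1149) { $x.Param3 } else { $x.Address }
        }
    }
}

# One row per (clear event, RDP logon inside the window before it).
$report = foreach ($c in $clears) {
    $near = @($rdp | Where-Object {
        $_.Time -le $c.Time -and $_.Time -ge $c.Time.AddMinutes(-$windowMinutes)
    })
    if ($near.Count -eq 0) { $near = @($null) }   # keep the clear even with no RDP match
    foreach ($r in $near) {
        [pscustomobject]@{
            ClearedAt = $c.Time; Log = $c.Log; ClearedBy = $c.Account
            RdpTime   = $r.Time; RdpUser = $r.User; RdpSource = $r.Source
        }
    }
}
$report | Sort-Object ClearedAt, RdpTime | Format-Table -AutoSize
```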

Similar Messages

  • How to find out list user who did the printing

    Dear All,
    We are using a network print server with an HP LaserJet 5550 and JetDirect. Since we have more than 500 staff in one place, sometimes they do irresponsible printing, such as printing full-color photos for personal use, printing a novel, or anything that is not related to the business purpose.
    Today, our director found out that someone printed out a whole story book and used a lot of paper... he challenged me to find out which user did this. I can log on to the printer web console, but I can't find a user printing log...
    Any help will be much appreciated.
    Thanks & Regards,
    Franky

    This seems to be a commercial product. For the best chance at finding a solution I would suggest posting in the forum for HP Business Support!
    You can find the Commercial Jetdirect board here:
    http://h30499.www3.hp.com/t5/Print-Servers-Network-Storage/bd-p/bsc-254
    Best of Luck!
    You can say thanks by clicking the Kudos Star in my post. If my post resolves your problem, please mark it as Accepted Solution so others can benefit too.

  • How to find users who are running IE with different credentials ?

    How to find users who are running IE with different credentials?
    Is there any tool or solution on the market that will help, or can I use GPO or even PowerShell?
    Thanks & regards,

    Hi Salman,
    Based on your description, we can use Windows Credential Manager to check this. Windows Credential Manager stores credentials, such as user names and passwords  that we use to log on to websites or other computers on a network.
    Regarding Credential Manager, the following article can be referred to for more information.
    Credential Manager
    http://windows.microsoft.com/en-in/windows7/what-is-credential-manager
    Manage passwords in Internet Explorer using Credential Manager
    http://www.thewindowsclub.com/manage-passwords-internet-explorer-10
    Please Note: Since the above website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best regards,
    Frank Shen

  • How to find users who are inactive.

    Hi, I want to find users who left the company. I ran program rsusr200 in se38 but I do not understand which option will clearly give me the invalid users. I also had a doubt: does a user with a deactivated password mean that the user left the company?
    Thanks in Advance for your help

    The "password" field in this report will not necessarily show you users who have left the company. The password may be "active" since this is a new user and they have not yet logged on. You would need to compare as well the field "Created On". I would use the last logon field as an indicator of who may have left - if someone has not logged on in 90 days, that could be an indicator.

  • Solaris users who did login for more than months

    Hello All,
    Can any one help me out to find those users who did not login to the system for more than a month or more? I need to do some user clean up.
    Thanks..

    # This script prints the last login time of every user in the /etc/passwd
    # file whose entry does not contain NOLOGIN.
    USERS=`grep -v NOLOGIN /etc/passwd | cut -d: -f1`
    # Loop variable is U, not USER, so the USER environment variable is not overwritten.
    for U in $USERS
    do
        echo "---------- $U --------------"
        last -n 1 "$U"
    done

  • How to find user who loaded the procs in DB

    Hi guys, how do I find the user who loaded procs in the database, and the date?
    Is there any way?
    I tried to look at all_objects, but it did not work out.
    thanks

    That is correct. You will only have audit rows for items that you are auditing. I am suggesting you audit all DDL in a production database, since production jobs should not perform DDL with the probable exception of truncate. This will provide this type of information going forward. It will not help you answer the question of who created the procedure last week.
    Auditing is explained in the Security manual and the full command syntax is available in the SQL manual.
    You can easily write a purge of the audit data to remove data once it is no longer of interest, based on the date the audit row was created.
    HTH -- Mark D Powell --

  • How do you find out who did not contribute to a particular fund raiser that we all just did?

    Using MySQL, how do you find out who did not contribute to a particular fund raiser that we all just did? There are many titles for the different charities under the othpaytitle column of the Otherpay table. I however just want to extract the non-contributors for a particular charity title. Is there any way to do this? When I run the query below it comes up as an "empty set". The search is done by way of matching table IDs and left joins. Please see below.
    SELECT  moiid, trim(concat(name.fname,' ' ,name.mname,' ',name.lname)) as Brother, name.moiid as Members_ID, sum(otherpay.othpayamt) as NO_Contribution, quadlt.ltfname as quad 
    FROM name 
    LEFT JOIN OTHERPAY  ON name.moiid = otherpay.othpaymoiid
    LEFT JOIN quadlt  ON name.quadlt = quadlt.ltid
    WHERE  Otherpay.othpaytitle like '%food drive%'
    AND otherpay.othpaymoiid IS NULL
    AND name.type = 'BOI'
    AND name.type <> 'jrboi'
    AND name.city = 'SUFFOLK'
    GROUP BY brother
    ORDER BY name.quadlt, brother

    Just guessing based on your query,  and assuming the above query works, just insert a "where" condition. I also removed the SUM function. Also, "AND otherpay.othpaymoiid IS NULL"  may not be needed.
    SELECT  moiid, trim(concat(name.fname,' ' ,name.mname,' ',name.lname)) as Brother, name.moiid as Members_ID, otherpay.othpayamt, quadlt.ltfname as quad
    FROM name 
    LEFT JOIN OTHERPAY  ON name.moiid = otherpay.othpaymoiid
    LEFT JOIN quadlt  ON name.quadlt = quadlt.ltid
    WHERE  Otherpay.othpaytitle like '%food drive%'
    AND otherpay.othpaymoiid IS NULL
    AND name.type = 'BOI'
    AND name.type <> 'jrboi'
    AND name.city = 'SUFFOLK'
    AND othpayamt=0
    ORDER BY name.quadlt, brother

  • Repeated Window Server Log entries

    My 18 month old iMac 8.1, 24 inch 3.06 is working well, except that from today repeated Window Server Log entries like:
    Oct 01 06:42:24 53 kCGErrorIllegalArgument: _CGXMapShmemInternal : Invalid shared memory id
    constantly showing up every few seconds. This, besides the repeated app.firewall log entries makes me feel like something wrong is going on.
    I would feel satisfied if Experts on this forum would help me with their expertise to deal with this.
    Is this serious or normal or something should be done?
    Any help would be greatly appreciated.
    Best - KrishnaMohan.

    Answering myself. Tried various things, but what solved this problem surprises me. Removing ALL cookies in Safari solved this. Hope this helps someone.
    Best - KrishnaMohan.

  • ORACLE E-BUSINESS SUITE 11i Query to find users who never logged in

    Dear, All -
    ORACLE E-BUSINESS SUITE 11i
    Is there a query to find out a list of users who were created but never logged into the system? I believe these users do not appear in the FND_USER table since they never logged in.
    Thanks in advance!

    FAIRE wrote:
    Dear, All -
    ORACLE E-BUSINESS SUITE 11i
    Is there a query to find out a list of users who were created but never logged into the system? I believe these users do not appear in the FND_USER table since they never logged in.
    Thanks in advance!
    All application users' details are stored in the FND_USER table (whether they logged in or not).
    To find the list of those users, please run this query:
    SQL> select *
    from FND_USER
    where LAST_LOGON_DATE is NULL
    and END_DATE is NULL;
    Thanks,
    Hussein

  • Windows Server 2012 R2 Essentials Trial Key - Did I miss it, too?

    I tried both "Windows Server 2012 Essentials" and "Windows Server 2012 R2 Essentials".  Here is the link to the page I downloaded the images:
    http://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-essentials
    The following are the respective links to the images I used which were provided by the above webpage:
    http://care.dlservice.microsoft.com/dl/download/1/2/9/129AEC4F-1C6C-44B2-9B61-77935E8AB1F4/WindowsServer2012Essentials-English-Install.iso
    http://care.dlservice.microsoft.com/dl/download/8/F/7/8F7024D2-AB2A-4BE2-8406-1E3AC49C5C1F/9600.16384.WINBLUE_RTM.130821-1623_X64FRE_SERVER_SOLUTION_EN-US-IRM_SSSO_X64FRE_EN-US_DV5.ISO
    I tried burning these images to DVD and booting my Intel NUC with resulting disc.  Setup goes fine but it asks me for a product key.  I have not received any mail nor was there any pointers to a product key.  This is why I tried both R1 and R2.
    I found a similar post here regarding this issue (in fact I found a couple):
    http://social.technet.microsoft.com/forums/windowsserver/en-US/db7fd5b9-f58d-4456-86cf-816ec91ded14/windows-server-2012-trial-key-did-i-miss-it
    But the answers were unsatisfactory, so please do not give me the same response.
    Just in case the question/directive comes up, I redownloaded and re-burned the images using sector verification.  There are no checksums posted on the site so who knows if something got broken while downloading it, but I find it extremely unlikely that a few bad sectors would cause the installer to forget its evaluation key rather than borking the whole installer.
    Further note that I tried "Windows Server 2012 R2" (standard / non-essentials) and that image correctly had the trial versions baked in.  So, I would bet dollars to donuts the problem lies in the images not in a download / burn failure.
    I want to use the new NUC as a central content/backup server for all the home computers which are unfortunately growing at bunny reproduction rates.  Since Windows Home Server was discontinued, I was pointed to Server 2012 R2 as the alternative / upsell. 
    Let me know if this is the case or if a better-fit product exists.
    Also, is the "Essentials" install simply a licensing matter (e.g., 25 user cap) or is it more fundamentally crippled than the standard version?  I am only a home enthusiast and so not really interested in using the product in a production environment.
    I only want some assurance that if I download "standard", I can put in an "essentials" key at the end of evaluation.  If not, then please point me to a correct "Windows Server 2012 R2 Essentials" trial image.
    Thanks,
    Ryan

    Hi Ryan,
    http://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-essentials
    We can find following description from this TechNet Evaluation Center website. Then please check if you can
    find product key.
    In addition, for Windows Server 2012 Essentials, please check if you can use
    HHRHF-YMNJW-RPGCC-VV68W-BWMVY. For Windows Server 2012 R2 Essentials, please check if you can use
    R9N79-23MWD-MBP9B-KHF8Q-C36WX.
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Windows Server 2012 R2 RDS + User profile Disks + App-V = Explorer.exe crashing all of the time

    I have built a new RDS farm on Windows Server 2012 R2 with two Session Hosts and a combined Connection Broker/Web Access server. I had the farm up and running with User Profile Disks and all seemed OK. However, as soon as I installed the App-V 5.0 SP2 RDS client on the session hosts, the explorer.exe process started crashing for any user logging in via the Web Access site. The process crashes and restarts every five to ten seconds. It's the same for administrators. If they log in via Web Access explorer.exe crashes, but if they RDP directly to one of the session hosts explorer.exe is fine. If I reboot the session hosts, then the first user to log in via Web Access has a stable desktop session (and appears to have a new profile as well). However, if that user logs out and back in again, explorer.exe starts crashing again. The only applications I have packaged at the moment are Office 2013 and Firefox.
    I tried disabling User Profile Disks, but this caused a whole bunch of other problems and I eventually lost the ability to log in at all via Web Access (errors about the user profile service). As this is a small pre-production environment I completely scrapped all of the servers and rebuilt from scratch. Again, everything appeared fine until I installed the App-V client, then explorer.exe started crashing repeatedly for all users.
    Has anyone come across this issue before? I have tried installing the App-V 5.0 SP2 Hotfix Package 2, but this didn't help. I have read in a few forums that App-V doesn't work very well with User Profile Disks, but I have not heard of this particular issue. Similarly, SP2 seems to have a lot of problems, so I am going to try removing App-V RDS Client SP2 and installing SP1. I have also deleted User Profile Disks for the test users to recreate their profiles, but this didn't help either.
    Any other suggestions welcome!

    I forgot to include the application event log entry for explorer.exe crashing:
    Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532954fb
    Exception code: 0xc06d007e
    Fault offset: 0x0000000000005bf8
    Faulting process id: 0xae8
    Faulting application start time: 0x01cfab3a273787fd
    Faulting application path: C:\Windows\explorer.exe
    Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report Id: 69210d77-172d-11e4-80c6-0050560102d1
    Faulting package full name: 

  • Can I install Acrobat in a Windows Server 2008 for many users?

    I'm looking for a solution for my enterprise to install Adobe Acrobat on Windows Server 2008 R2, where the users connect by remote desktop. I'm looking for a way for them to use Acrobat the same way they now use Reader. But not for all, only for some of these users.
    I called a representative and he told me that I can install Acrobat for some users on Windows Server 2008 R2, but I'm not sure if that solution will be legal.
    Can I buy a special license for it or do I have to buy a license for each user? How can I proceed to do this, if it's possible?
    Thanks in advance for your attention!

    Use a mozilla.cfg file in the Firefox program folder to lock prefs or specify default values.
    Place a file local-settings.js in the defaults\pref folder where you also find the file channel-prefs.js to specify using mozilla.cfg.
    pref("general.config.filename", "mozilla.cfg");
    pref("general.config.obscure_value", 0); // use this to disable the byte-shift
    See:
    * http://kb.mozillazine.org/Locking_preferences
    You can use these functions in mozilla.cfg:
    defaultPref(); // set new default value
    pref(); // set pref, but allow changes in current session
    lockPref(); // lock pref, disallow changes
    lockPref("app.update.enabled", false);

  • Can't change search options in Outlook 2007 on Windows Server 2008R2 Remote Desktop Users

    One of my users is trying to change search options in Outlook 2007.
    But he can't change the search options.
    He is working with Outlook 2007 on Remote Desktop Services 2008 R2.
    We don't use cache mode on the terminal server.
    Any suggestion how we can enable search options for remote desktop users?

    Hi Roel,
    Thank you for posting in Windows Server Forum.
    To customize Instant Search options by using Group Policy 
    - In Group Policy, load the Office Outlook 2007 template (Outlk12.adm).
    - To customize how results are displayed, under User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options\Preferences\Search Options, double-click the setting that you want to set. For example, double-click Turn off wordwheel.
    - Click Enabled. For hit highlighting color, choose a color from the Background Color drop-down list.
    - Click OK.
    More information.
    Configure Instant Search options in Outlook 2007
    http://technet.microsoft.com/en-in/library/cc178983(v=office.12).aspx
    In addition, perform below steps to edit the registry key and check.
    Step 1: Open the Registry Editor application.
    Step 2: In the Registry Editor, click the Edit menu and select Find. Type PreventIndexingOutlook in the search field and click Find Next.
    Step 3: Right click PreventIndexingOutlook and select Modify. Change its Value data to 0 and click OK.
    Step 4: Search again by clicking the Edit menu and select Find. Type SetupCompletedSuccessfully in the search field and click Find Next. Locate this key.
    Step 5: Right click the SetupCompletedSuccessfully key and select Modify. Change its Value Data to 0 and click OK.
    Step 6: Restart your computer and you will now be able to perform advanced searches in Microsoft Outlook.
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Need log of the users who changed the partner profiles.

    Hi,
    Some user has changed the partner profiles of the CUA configuration setup.
    It is displaying only the Agent Name. They deleted the inbound and outbound parameters of the partner profiles created by CUA. So, I need to trace the user who changed these parameters.
    It would be appreciated if anybody can help with this issue.
    Thanks,
    Shiva.

    I resolved this issue by deleting the partner profiles created by CUA in all child clients, then deleting the distribution model in all child clients and re-distributing the distribution model from the Master client.
    Now it's working fine.
    But I am not able to trace the user who changed the partner profiles. I checked in ST03N but I didn't get the information about WE20. (I am using ECC 6.0 version.)
    And in WE20 it is not showing any User ID who changed the partner profiles. I checked the following tables but I didn't find any change details for the partner profiles.
    EDIPHO
    EDMSG
    EDP12
    EDP13
    EDP21
    EDPP1
    T002T
    T005T
    Regards,
    shiva.

  • ORA-00054 - Find user who have lock

    Hi,
    I'm using "select for update NOWAIT" in my application for editing records. It works, but after I catch ORA-00054 I want to find the username of whoever has the lock.
    The basic step is probably to query the view v$lock and probably after that some other view.
    Thanks for any idea/solution
    SASA

    You'll need to scroll down a while to get to your particular question in the thread I linked... I believe it's about a third of the way down.
    It is not possible to know who is locking a particular row unless there are two sessions that are blocking each other. If session 1 has a lock on a particular row and session 2 requests a lock on that same row and session 2 is waiting for that lock to free up, session 3 can query the v$lock table to see which session holds the lock and which session is waiting for the lock. Assuming everyone is logging in with their own user name, you can join this information with v$session to find out the username of the person holding the lock. In your case, though, no session is ever blocked, so you cannot determine who owns the lock.
    Justin
    Distributed Database Consulting, Inc.
    http://www.ddbcinc.com/askDDBC
