Security Enabled Global Group Member Removed:%n\r\n%tMember Name:%t%1%n\r\n%tMember ID:%t%2%n\r\n%tTarget Account Name:%t%3%n\r\n%tTarget Domain:%t%4%n\r\n%tTarget Account ID:%t%5%n\r\n%tCaller User Name:%t%6%n\r\n%tCaller Domain:%t%7%n\r\n%tCaller Logon ID:%t%8%n\r\n%tPrivileges:%t%9%n\r\n
| Source | Event Log | Event ID | Event Type |
|---|---|---|---|
| Security | Security | 633 | Success Audit |
This event record indicates that a member has been removed from a global group. This event also occurs when a user account is deleted and removed from the built-in None group used internally by Windows 2000. There is no Failure Audit form of this audit event record. Removing members from groups can have security implications. This is especially true when a user is removed from the Administrator group.
The person with administrative rights for the computer should check to see who is being removed from groups that have security implications. Make sure that users removed from security sensitive groups really should be removed.