Question : User Security Issue on Server 2003 R2 Standard

I have a Server 2003 R2 Standard server that is allowing a domain user to add a user group to the Administrators Group allowing everyone full access to the server. I found it last week and again today.

I have checked the obvious permissions for each user and groups and I can not see how it's being done. Each user has local machine rights via a group I added to the administrators group on each PC, the local admin PW is not the same as the Server admin PW.

I'm short on ideas on how to locate the problem and the person. Is there a way to check all the security on the system or record when a change has been made to a users or groups permissions via the event log or other logging tool?

Thank you

Answer : User Security Issue on Server 2003 R2 Standard

Through policy

Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy

Thanks

Mike