How to detect events that refer to administrators
GFI EventsManager enables you to detect Windows events that refer to administrators.
Detect events generated by users with administrative privilege
NOTE
For each Windows event there is a field that describes if the event refers to an administrator. You can define filters, rules or custom reports based on this field.
NOTE
For practice/evaluation purposes, we suggest you go to the Browser tab>Windows Events and create a view that will show only the Security events that refer to administrators.