Admin accounts have greater access to an endpoint and can alter its configuration and affect the services running upon it.
Knowing that a new Admin account has been created will be alerted on to ensure that you are aware it has been created and to take action if it is unexpected.
This ARO is triggered by Windows Event Log entries that correspond to users being added to security-enabled group, either local or global. Field Effect combines multiple events from a single system, on a per user basis, into a single ARO.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article