4
A computer in domain is randomly shut down by someone (he was caught once)!
He uses shutdown /s /f /t 0 /m \\computername
in windows command line to accomplish this.
After the incident some computers randomly shut down several times a week, but maybe not by the same person.
Now the question is: Is it possible to detect / monitor if a computer was shut down remotely, and by who? (eg in Event Viewer)
1Maybe you can take a look in System Event log? I think it should contain some details about which process initiated the shutdown. – Eugene S – 2013-03-19T08:56:22.173
@EugeneS - the system log does not contain any info related to shutdowns. – armen – 2013-03-27T14:47:15.493