I know in configuration history it shows who has been added/removed to/from local windows Administrators group. Is it possible to also include who (account) did so?
I always have to check security eventlogs on a machine to find out who exactly granted someone admin right. I also know that Lansweeper can parse security eventlogs, but the problem is it adds too much data to database. And with the blacklisting way to filter records, it makes it very hard to limit the scope to only a few event IDs that I care.