SharePoint Members group changed on Extended site RRS feed

  • Question

  • We have a SharePoint site using Claims authentication at http://ourcompany.com. Using User Policy, we have denied Write to all users.

    We then extended this site to another IIS site at https://ourcompany:1234 and set that to use NTLM for authentication so our Admin team has a 'backdoor' to make minor changes if necessary.

    Last night, a SharePoint Administrator made a change to the Members group by removing users who do not need to be in this group (used strictly for read permissions on some pages).

    This morning, when we look at the Members group in both the primary and 'backdoor' site, the original group members are there. We have screenshots of the Admin removing the users, so we *know* they were not there at some point in time in the past 24 hours.

    Can anyone advise how this might have happened? I cannot find (with the limited tools we have) a way to review the modification of the SharePoint group itself (date/time) to try to correlate it to a timer job/process.

    - Thank you. Respectfully, Janette M. Ricker

    Friday, December 21, 2012 3:13 PM