We have a custom service that has been installed on one of our Windows servers that is getting started manually without anyone knowing about it. The event logs only show that it was started, not WHO started it or from WHERE. Has anyone used LEM (or Orion/SAM) to track this kind of information? Can you help me figure it out?
The logs should show who or what started it. It may be another service or the system. These tools won't be able to show you what isn't in the logs. That is how they would work. You could look for system logins around that time too