Hi Reatesh,
Thanks for responding. Here are the seaudit, after running the same command.
The 1st time running nr TERMINAL produced the warning -> 'TEST_PC' is not the TERMINAL's fully qualified name (it is 'TEST_PC.localdomain')
19 May 2023 10:42:04 S UPDATE TERMINAL WIN-xxxx\xxadmin 305 0 TEST_PC WIN-xxxx nr terminal TEST_PC owner(nobody) defacc(n)
Event type: Security database administration
Command type: Add resource
Status: Successful
Administrator: WIN-xxxx\xxadmin
Class: TERMINAL
Object: TEST_PC
Terminal: WIN-xxxx
Date: 19 May 2023
Time: 10:42
Details: Command allowed for ADMIN user.
Command: nr terminal TEST_PC owner(nobody) defacc(n)
Audit flags: AC database user
Run rr TERMINAL
19 May 2023 10:43:07 S UPDATE TERMINAL WIN-xxxx\xxadmin 305 0 TEST_PC WIN-xxxx rr terminal TEST_PC
Event type: Security database administration
Command type: Remove resource
Status: Successful
Administrator: WIN-xxxx\xxadmin
Class: TERMINAL
Object: TEST_PC
Terminal: WIN-xxxx
Date: 19 May 2023
Time: 10:43
Details: Command allowed for ADMIN user.
Command: rr terminal TEST_PC
Audit flags: AC database user
Run nr TERMINAL the 2nd time
19 May 2023 10:43:23 S UPDATE TERMINAL WIN-xxxx\xxadmin 305 0 TEST_PC.localdomain WIN-xxxx nr terminal TEST_PC owner(nobody) defacc(n)
Event type: Security database administration
Command type: Add resource
Status: Successful
Administrator: WIN-xxxx\xxadmin
Class: TERMINAL
Object: TEST_PC.localdomain
Terminal: WIN-xxxx
Date: 19 May 2023
Time: 10:43
Details: Command allowed for ADMIN user.
Command: nr terminal TEST_PC owner(nobody) defacc(n)
Audit flags: AC database user
Thanks again.
Regards,
Ain
Original Message:
Sent: May 18, 2023 02:04 AM
From: Reatesh Sanghi
Subject: PAMSC - question on TERMINAL
Hello Ain,
Can you check the seaudit results from the same time?
Thanks,
Reatesh.
Original Message:
Sent: May 18, 2023 01:36 AM
From: Ain Abdullah
Subject: PAMSC - question on TERMINAL
Hi all,
OS on endpoint: Windows Sever 2019
PAMSC version: 14.10.0.1265
Done some test on this endpoint with result as follows.

Questions:
- Is there any difference between creating the terminal with FQDN or with a short name?
nr terminal TEST_PC.localdomain owner(nobody) defacc(r)
VS
nr terminal TEST_PC owner(nobody) defacc(r)
- After deleting the resource, why was there no warning when running the same command with a short name?
Thanks.
Regards,
Ain