I have used the tool extensively. It is pretty good. It should work for
NT4 as well as 2000. It may not find all DCs in the domain (sorry, I do
not have an NT4 domain to test), but DCs can be added manually. It proved
to be invaluable in finding which computer locked a user out, since it
can search on specific event IDs as well as text strings. There are a few
minor bugs, but overall it is a very capable tool.
Thank you, Tony.
Tony Gordon, Windows 2000 MCSE
tony dot gordon at hewitt dot com
Windows Server Infrastructure
Phone: 847.295.5000 x14534
Fax: 847.295.8877
Hewitt Associates
Luiz Felipe Gasparini <felipe (at) ish.com (dot) br>
07/02/2003 10:16 AM
To: focus-ms (at) securityfocus (dot) com
cc:
Subject: Re: Managing Windows Event Logs
In-Reply-To: <20030701175803.2118.qmail (at) www.securityfocus (dot) com>
Has anyone tried to use the EventComb tool from Microsoft?
It only works on a Windows 2000 network (not NT4), because it searches AD
for all servers in the selected domain.
You can also search for specific events on the servers.
EventComb is part of the Security Operations Guide for Windows 2000 Server.
You can find it at http://www.microsoft.com/downloads/release.asp?releaseid=36834
Luiz Felipe Gasparini