Hi list,

I'm pleased to have something new to share that I think a lot of you will find useful; having been frustrated by the slow speed of EventCombMT and the ponderous behavior of the Event Log MMC snap-in when trying to do everyday things like diagnose account lockouts and AD object changes, I knew there had to be a better way...

If you're on a Server 2008+ [*] environment and don't mind breaking out a command shell window, here is that better way:

http://zetetic.net/products/events

As a sample use case, the command "ZeShell -e delete,after=20-july-2011" will scan all of your domain's read-write domain controllers, in parallel, for AD object deletions since July 20. Or you can give it a list of event IDs in the familiar "1,2,3,5-10" format. Just type "ZeShell -?" for details.

You'll need to be in the "Event Log Readers" group (or have Admin or DA access) for each machine you want to query.

Please try it out, kick the tires, let me know what you think! I promise you will find this to be *much* faster than the built-in log viewer. We're absolutely open to ideas and suggestions too.

Thanks,
Steve

[*] This tool is also able to query the Event Log on 2003 / XP hosts, but it will not do so with the same speed and efficiency as querying Server 2008, Vista, Win7, or newer, due to limitations of the older eventing service.

--
skra...@zetetic.net
Philadelphia, PA