You could use EventCombMT.

On Mon, Feb 8, 2010 at 11:13 AM, Michael Waltonen <walto...@umn.edu> wrote:

> If you have remote administration access enabled workstations (GPO
> firewall exception needed, if you don’t), you could perform a WMI query to
> Win32_NTLogEvent for the pertinent event IDs and username.
>
> -Mike
>
> *From:* bounce-8816625-8243...@lyris.sunbelt-software.com [mailto:bounce-8816625-8243...@lyris.sunbelt-software.com] *On Behalf Of* Graeme Carstairs
> *Sent:* Monday, February 08, 2010 10:00 AM
> *To:* NT System Admin Issues
> *Subject:* Easy way to scan all security logs on Domain connected PC's
>
> Hi,
>
> We have a requirement to scan all the security logs for all the PCs,
> laptops and servers in a domain to see if a user attempted to log on to any
> of them over a weekend.
>
> Does anyone know of something that could pull all the logon failures from
> these logs and let me look at them to see if that user is listed?
>
> Thanks
>
> Graeme
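
The WMI query to Win32_NTLogEvent suggested in the quoted reply, as an added example that is not part of the original thread. The host names, account name, date window and output file are constructed placeholders, and the event ID list (529-537 and 539 on Windows XP/2003, 4625 on Vista/2008 and later) is an assumption about which logon-failure IDs are pertinent.

```powershell
# Added example, not from the thread. Requires Windows PowerShell:
# Get-WmiObject uses DCOM/RPC, so each target needs the remote
# administration firewall exception mentioned in the reply.
$Computers = 'PC-EXAMPLE-01', 'SRV-EXAMPLE-01'   # placeholder host names
$UserName  = 'jdoe'                               # placeholder account name
$Start     = Get-Date '2010-02-06 00:00:00'       # constructed weekend window
$End       = Get-Date '2010-02-08 00:00:00'

# Assumed logon-failure event IDs: 529-537, 539 (XP/2003) and 4625 (Vista+).
$FailureIds = @(529..537) + 539 + 4625
$idClause   = ($FailureIds | ForEach-Object { "EventCode=$_" }) -join ' OR '

# WQL compares TimeGenerated against DMTF-format datetime strings.
$from = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($Start)
$to   = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($End)

$filter = "Logfile='Security' AND TimeGenerated >= '$from' " +
          "AND TimeGenerated < '$to' AND ($idClause)"

$results = foreach ($c in $Computers) {
    try {
        # -EnableAllPrivileges turns on the Security privilege that WMI
        # needs before it will read the Security log.
        Get-WmiObject -Class Win32_NTLogEvent -ComputerName $c `
                      -Filter $filter -EnableAllPrivileges -ErrorAction Stop |
            # The account name is one of the event's insertion strings; its
            # position differs per event ID, so match on any position.
            # -contains is case-insensitive but needs the exact bare name.
            Where-Object { $_.InsertionStrings -contains $UserName } |
            Select-Object @{ n = 'Computer'; e = { $c } },
                          @{ n = 'Time'; e = { $_.ConvertToDateTime($_.TimeGenerated) } },
                          EventCode, Message
    }
    catch {
        # An unreachable host is a coverage gap, not a clean result:
        # record it so it can be checked another way.
        Write-Warning "${c}: query failed: $($_.Exception.Message)"
    }
}

$results | Sort-Object Time |
    Export-Csv -Path .\logon-failures.csv -NoTypeInformation
```

Laptops that were off the network during the run only appear in the warnings, so an empty CSV proves nothing about hosts that could not be queried.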