If you have remote administration access enabled workstations (GPO firewall exception needed, if you don’t), you could perform a WMI query to Win32_NTLogEvent for the pertinent event IDs and username.
-Mike *From:* [email protected] [mailto: [email protected]] *On Behalf Of *Graeme Carstairs *Sent:* Monday, February 08, 2010 10:00 AM *To:* NT System Admin Issues *Subject:* Easy way to scan all security logs on Domain connected PC's Hi, We have a requirement to scan all the security logs for all the PC's, laptops and servers in a domain to see if a user attempted to logon to any off them over a weekend. Does anyone know of something that could pull all the logon failures from these logs and let me look at them to see if that use is listed. Thanks Graeme -- Good news everyone, you have just received and e-mail from me! Stephen Leacock<http://www.brainyquote.com/quotes/authors/s/stephen_leacock.html> - "I detest life-insurance agents: they always argue that I shall some day die, which is not so." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
