Dave,

One way to handle what you want to do is to install a
syslog client on each Windows machine in question, and
then have all of the events sent to a remote syslog
server.  

I teach an incident response course for NT/2K/XP
(http://patriot.net/~carvdawg/ir.html) and I recommend
something like this, as it makes perfect sense.  

There are several freeware syslog clients available,
as well as a syslog server or two.

http://www.counterpane.com/log-analysis.html#config_nonunix

HTH


