<div>
I encourage you to dump that old eventcomb.<br />
Powershell is by far more flexible and compatible.<br />
<br />
Sorry, I have no idea why it wouldn't work, we dumped eventcomb and dumpel.exe years ago.
</div>


I encourage you to dump that old eventcomb.
Powershell is by far more flexible and compatible.

Sorry, I have no idea why it wouldn't work, we dumped eventcomb and dumpel.exe years ago.

<div>
Another alternative, neat, why not. Event-triggering is the best way here, right.
</div>


Another alternative, neat, why not. Event-triggering is the best way here, right.

<div>
Found an alternate process. Google to the rescue!
</div>


Found an alternate process. Google to the rescue!

<div>
<div class="content wysiwyg-content">
We use EventcombMT to scan our domain controllers for Event 4740, which tells us what server/PC is causing a user to get locked out.<br />
<br />
It runs fine when we run it from a domain controller.<br />
But when I run it from my Windows 7 laptop logged on as a domain admin it successfully scans the exact same number of events but doesn't show any hits on 4740. <br />
<br />
It appears to be the same number of event log entries scanned &nbsp;and the same settings chosen in the search. But it gets results when run from the domain controller but none if we run it from out desktops/laptops.<br />
<br />
Ideas?
</div>
</div>


We use EventcombMT to scan our domain controllers for Event 4740, which tells us what server/PC is causing a user to get locked out.

It runs fine when we run it from a domain controller.
But when I run it from my Windows 7 laptop logged on as a domain admin it successfully scans the exact same number of events but doesn't show any hits on 4740. 

It appears to be the same number of event log entries scanned  and the same settings chosen in the search. But it gets results when run from the domain controller but none if we run it from out desktops/laptops.

Ideas?

EventcombMT won't pull 4740 events from a remote domain controller.

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.