We use EventcombMT to scan our domain controllers for Event 4740, which tells us what server/PC is causing a user to get locked out.
It runs fine when we run it from a domain controller.
But when I run it from my Windows 7 laptop logged on as a domain admin it successfully scans the exact same number of events but doesn't show any hits on 4740.
It appears to be the same number of event log entries scanned and the same settings chosen in the search. But it gets results when run from the domain controller but none if we run it from out desktops/laptops.