This article describes how to use the EventCombMT utility (EventCombmt.exe) to search the event logs of multiple computers for account lockouts.

Applies to: Windows Server 2012 R2
Original KB number: 824209

More information

EventCombMT is a multithreaded tool that you can use to search the event logs of several different computers for specific events, all from one central location. You can configure EventCombMT to search the event logs in a very detailed fashion. The following are some of the search parameters that you can specify:

How many minutes, hours, or days back to scan.

Some specific search categories are built-in, such as Account Lockouts. The Account Lockouts search is preconfigured to include event IDs 529, 644, 675, 676, and 681. Additionally, you can add event ID 12294 to search for potential attacks against the Administrator account.

To download the EventCombMT utility, download Account Lockout and Management Tools. The EventCombMT utility is included in the Account Lockout and Management Tools download (ALTools.exe).

To search the event logs for account lockouts, follow these steps:

On the Options menu, click Set Output Directory, select an existing folder, or click New Folder to create a new folder to save the output to, and then click OK. If you do not specify an output directory, the default location is C:\Temp.
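The same kind of multi-computer search can be expressed with the built-in Get-WinEvent cmdlet. This is an added example, not part of the original article or of EventCombMT; the function name, host names, and output file naming are hypothetical, and the event IDs and default output folder are the ones given above.

```powershell
# Added example. Search-LockoutEvents, DC01/DC02 and the CSV file names are hypothetical.
function Search-LockoutEvents {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        # Event IDs listed in this article for the Account Lockouts search, plus 12294.
        [int[]]    $EventId = @(529, 644, 675, 676, 681, 12294),
        # Assumption: 12294 is recorded in the System log, the other IDs in Security.
        [string[]] $LogName = @('Security', 'System'),
        # How far back to scan.
        [timespan] $LookBack = (New-TimeSpan -Hours 24),
        [string]   $OutputDirectory = 'C:\Temp'
    )

    if (-not (Test-Path -LiteralPath $OutputDirectory)) {
        New-Item -ItemType Directory -Path $OutputDirectory | Out-Null
    }
    $filter = @{ LogName = $LogName; Id = $EventId; StartTime = (Get-Date) - $LookBack }

    foreach ($computer in $ComputerName) {
        try {
            $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop
        }
        catch {
            # Get-WinEvent raises an error when nothing matches. Treat that as a
            # clean result and keep it distinct from an unreachable or denied host.
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                Write-Verbose "$computer : no matching events"
            } else {
                Write-Warning "$computer : search failed: $($_.Exception.Message)"
            }
            continue
        }

        # One CSV per computer in the output directory.
        $outFile = Join-Path $OutputDirectory "$computer-lockouts.csv"
        $events |
            Select-Object TimeCreated, MachineName, LogName, Id, ProviderName, Message |
            Export-Csv -LiteralPath $outFile -NoTypeInformation
        [pscustomobject]@{ Computer = $computer; Matches = @($events).Count; File = $outFile }
    }
}

# Hypothetical domain controller names; scan the last two days.
Search-LockoutEvents -ComputerName 'DC01', 'DC02' -LookBack (New-TimeSpan -Days 2)
```

A host that produces a warning was not searched, so its missing CSV should not be read as "no lockout events".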