4 Replies Latest reply on Aug 17, 2018 9:49 AM by kreases

    Event Log Monitoring - Windows 2008

    kreases

      Our service desk get calls for locked out accounts, when they do they look at the SAM monitor that is set up to show the event id 644 in Windows 2003, this works great, they do a search on the list for the account number being effected and the message shows the account number and Server in question, they don't have to do anything else.

       

      They used to have to check four Windows 2003 domain Servers for the lock outs however we have added a further four domain controllers which are running Windows 2008, in this case we check for event id 4740, this works fine but when the service desk come to look at the list and filter it down by the users account the message no long shows the account and server in the list they have to click on each of the event entries to see this which as you can imagine having to do that on multiple messages adds work/time to an already busy desk.

       

      Now I realize this is down to the different format of the event log in Windows 2008 compared to Windows 2003 but in an effort to try and help the service desk I wondered if anyone had come across this before and had found a way to show the account and server name on the message list, thanks in advance.