This tip was submitted to the SearchWin2000.com Tip Exchange by member Todd Plesco. Let other users know how useful it is by rating the tip below.
Obtain an Excel-readable, comma-delimited security logon/logoff/lockout log file (.csv) of a server in your domain. Using the Resource Kit's dumpel.exe utility, you can create a file called stats.csv, then optionally convert the three digit access codes using FR.EXE (i.e. File Search/Replace Version 1.4 by Tony Provalov, built Dec. 16, 1999) to decipher the three digits to text of logon/logoff/badpasswords.
From command line, type:
{pdcservername}c$winntsystem32dumpel -f stats.csv
-s {servername} -l security -d 1 -format uIdt -c
From the command line, then run this code as a batch file:@echo off fr stats.csv "528" "console user logon " stats1.csv fr stats1.csv "538" "console user logoff " stats.csv fr stats.csv "540" "network user logon " stats1.csv fr stats1.csv "673" "service ticket granted" stats.csv fr stats.csv "681" "network logon FAILURE " stats1.csv fr stats1.csv "539" "account LOCKED OUT " stats.csv fr stats.csv "529" "BAD PASSWORD to log in" stats1.csv fr stats1.csv "680" "account used to log in" stats.csv
Requires Free Membership to View
When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with desktop management and security technologies.
Margie Semilof, Editorial Director
This was first published in February 2002
Join the conversationComment
Share
Comments
Results
Contribute to the conversation