Lansweeper logo
Home Download Features Demo Buy now Help Support forum
 
    Most requested support articles:
  Lansweeper troubleshooting guide.
  The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
  WMI Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
  How to configure the windows firewall using group policies.
  Support:  
 support@lansweeper.com  
Skype: Lansweeper  
  Mo-Fri 9h-17h CET  
Welcome Guest Search | Active Topics | Log In | Register

Untag as favorite
Scanning Group and Account Changes from the Event Log
Options
Previous Topic Next Topic
pjbate
#1 Posted : Tuesday, September 13, 2011 2:49:55 AM

Rank: Premium user

Groups: Member, Premium Users
Posts: 24
Location: Brisbane
Hi there,

I am trying to capture user account and group changes using Lansweeper. I'd like to be able to report on the following event ids:

Event ID 608 – User Right Assigned
Event ID 609 – User Right Removed
Event ID 626 – User Account Enabled
Event ID 628 – User Account Pass set
Event ID 630 – User Account Delete
Event ID 631 – Global Group Created
Event ID 632 – Global Group Member Added
Event ID 633 – Global Group Member Removed
Event ID 634 – Global Group Deleted
Event ID 635 – Local Group Created
Event ID 636 – Local Group Member Added
Event ID 637 – Local Group Member Removed
Event ID 638 – Local Group Member Deleted
Event ID 639 – Local Group Changed
Event ID 641 – Global Group Changed
Event ID 642 – User Account Changed

I know there is some history reporting available but it doesn't grab everything (e.g. I removed an accoung from a group this morning but don't see the event 633 at the time, but I do see other events.

Is it possible to capture these events too and if so how?

Thanks,
Peter
Back to top
Lansweeper
#2 Posted : Tuesday, September 13, 2011 6:54:08 AM

Rank: Administration

Groups: Administration, Premium Users
Posts: 10,378
In the configuration tool, click on the scanning server, tab options.
There you can select "information events" to be scanned.
(don't blow up your database)
Back to top
pjbate
#3 Posted : Wednesday, September 21, 2011 3:58:02 AM

Rank: Premium user

Groups: Member, Premium Users
Posts: 24
Location: Brisbane
Thanks for the pointer. I am collecting logs now and have not yet broken the database.

Cheers,
Peter
Back to top
Lansweeper
#4 Posted : Thursday, September 22, 2011 4:57:29 PM

Rank: Administration

Groups: Administration, Premium Users
Posts: 10,378
To keep your database size within reasonable limits while scanning information events, you could lower the number for "Delete eventlog entries after". This setting can be found in the configuration console under Your Scanning Server/Options/Scanning & Cleanup Options.
Back to top
Users browsing this topic
Guest
Untag as favorite
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Contact: E-mail Lansweeper - Skype : Lansweeper
Copyright 2004 - 2011 © Hemoco bvba