DCOM Hardening Error Events Audit

Audit Your Windows Event Logs For DCOM Hardening Errors

The Windows event log contains an extreme amount of data about the computer ranging from login data to errors generated on the computer. By default, Lansweeper will scan all the error events generated by the Windows computer. Additionally, you can enable scanning other event log information. These errors can be used to both discover and resolve issues on your computers, preventing downtime.

With Microsoft forcing DCOM hardening soon, it is important to ensure that all devices, services, and applications using DCOM will continue to work without issue. Using the Windows error events 10036, 10037, 10038, problems can be identified before DCOM hardening will be forced. The audit below provides an overview of all instances of event ID 10036, 10037, 10038 in the last 7 days. Read more about the DCOM hardening changes and the effect it can have on your IT environment in our DCOM Hardening pro tips blog post.

DCOM Hardening Error Events in the last 7 days Query

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysOS.OSname As OS,
tblAssets.Lastseen,
tblNtlog.TimeGenerated,
tblNtlog.Eventcode,
tblNtlogSource.Sourcename,
tblNtlogMessage.Message
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblNtlog On tblNtlog.AssetID = tblAssets.AssetID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tblNtlogUser On tblNtlogUser.LoguserID = tblNtlog.LoguserID
Inner Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblNtlog.TimeGenerated > GetDate() - 7 And (tblNtlog.Eventcode = 10036 Or
tblNtlog.Eventcode = 10037 Or tblNtlog.Eventcode = 10038 Or
tblNtlog.Eventcode = 10028) And Case tblNtlog.Eventtype
When 1 Then 'Error'
When 2 Then 'Warning'
When 3 Then 'Information'
When 4 Then 'Security Audit Success'
When 5 Then 'Security Audit Failure'
End = 'Error' And tblState.Statename = 'Active'
Order By tblNtlog.TimeGenerated Desc,
tblAssets.Domain

Audit and Take Action in 3 Easy Steps

Download-Install-Lansweeper

1. Download & Install Lansweeper

Download Lansweeper

Lansweeper-Network-Discovery

2. Scan Your Network

Configuring the First Run Wizard

Overview of Scanning Methods

Save-and-Run-the-Report

3. Run the Audit & Take Action

How to Run an Audit

Download Lansweeper to Run this Audit

Harness the Power of Reporting

Download Lansweeper

Product

Key Features

Company

Partners

Resources

Contact

Talk to Sales

Help Center

Get your hands on the latest news, vulnerability updates & network reports.
  • Hidden
  • This field is for validation purposes and should be left unchanged.
Facebook Twitter Youtube Linkedin Reddit