setspn Duplicates and Case Sensitivity

Today I found out that the command I use to find duplicate SPNs, setspn -x, is case sensitive, meaning that the following SPNs don't count as duplicates:

HOST/bla
HOST/BLA

This makes sense when using UNIX systems for TGS creation.
However, Active Directory Domain Controllers, being Windows systems, are …



Filtering Windows Event Log using XPath

When I want to search for events in Windows Event Log, I can usually make do with searching / filtering through the Event Viewer. For instance, to see all 4624 events (successful logon), I can fill the UI filter dialog like this:

  • Event Logs: Security
  • Event IDs: 4624

But sometimes I …


Investigating Repeatedly Locked Out Users

I often get asked by some other IT guy "why does user XXXXX keep on getting locked out?"

Let me clue you in on something - users (almost) always get locked out for the same reason: They try the wrong password too many times. The reasons for THAT, however, are quite …


Solving Event Log Subscription Error "0x138C"

Today I saw some collector-initiated event log subscriptions that displayed a weird error, something like

Windows Event Forward plugin can't read any event from the query since the query returns no active channel. Please check channels in the query and make sure they exist and you have access to …

Windows Event Collection

I've recently implemented an enterprise-wide solution of event collection in our organization, using Windows' built-in mechanism called the Windows Event Collector.
This mechanism allows you to collect events from computers running Windows NT5+ (XP/Server 2003 and greater) into Windows NT6+ (Vista/Server 2008 and greater) machines. The only basic …
