G
Guest
I'm the NA for a bank and we use "Intrust for Events" to log and report our
account lockouts (regulatory requirement). In the past, we've only polled our
DC's for lockouts. We just migrated to 2003, and I've found the client now
records the lockout and the DC doesn't seem to get a carbon copy of the
lockout (539). In my reading, it appears 2003 treats lockouts differently and
"offloads" the event recording to the client PC, whcih the client dutifully
records, but not the DC.
Does anyone know of a way to have all "domain" security events sent to one
of the DC's? Even if the client could somehow CC the DC. It would be a real
PITA to have to coordinate the capture of 200 client's security logs, and not
to mention the cost of licensing for 197 PC's instead of 3 DC's.
Any ideas would be greatly appreciated!!
Thanks!!
account lockouts (regulatory requirement). In the past, we've only polled our
DC's for lockouts. We just migrated to 2003, and I've found the client now
records the lockout and the DC doesn't seem to get a carbon copy of the
lockout (539). In my reading, it appears 2003 treats lockouts differently and
"offloads" the event recording to the client PC, whcih the client dutifully
records, but not the DC.
Does anyone know of a way to have all "domain" security events sent to one
of the DC's? Even if the client could somehow CC the DC. It would be a real
PITA to have to coordinate the capture of 200 client's security logs, and not
to mention the cost of licensing for 197 PC's instead of 3 DC's.
Any ideas would be greatly appreciated!!
Thanks!!