Hi,
I woluld like to know if it is in some way possible to collect in a single centralized location al the security audit events collected by all DCs in the same domain (Windows 2008 R2 and Windows 2003 mixed domain)
I have a situation in which a script located on an unidentified remote server is causing the lock-out of an account since it attempts to run something with an error password hardcoded in the script. Unfortunately we have dozens of DCs in the same domain and hundreds of servers. I would like to activate logon failure policy on each DC and centralize in a single location all events collected by each DC to easily and quickly identify the system responsibel of the lock-out.
I tried to understand if this is somewhere documented but I did not find anithing.
Is this action possible? How?
Thank you.
Plo