We’ve released some free code for LDAP and Active Directory hackers in the past, Zetetic.Ldap, but now we’ve got something for the Windows and AD sysadmins out there: Zetetic.Events Shell.
The Zetetic.Events Shell is a free, fast, and efficient tool to extract Event Log data for Active Directory and Windows computers (Server 2008, Vista, Windows 7, or newer), allowing you to find out where and when important things happened.
Sounds simple, but it’s a really dynamic instrument that’s particularly handy for security auditing, e.g. when you need to know who has changed a particular security group and when. Conceived and implemented by our identity guru Steve Kradel, we’ve found Zetetic.Events Shell to be pretty handy in the identity work we do for our clients and we think you will, too. You can download it here and see a more complete example of how it works.
Let us know what you think, if you find any bugs, or have feature requests. We’re providing the Zetetic.Events Shell at no charge in the hopes that it will be useful to the community, and as a preview of our industrial-strength, realtime auditing package, coming in late Q3 2011. Key features of the full Zetetic.Events Pro package will include:
You can join the mailing list on the download form for Zetetic.Events Shell and we’ll let you know when the Pro version becomes available.