The Windows event log contains an extreme amount of data about the computer ranging from login data to errors generated on the computer. By default, Lansweeper will scan all the error events generated by the Windows computer. Additionally, you can enable scanning other event log information. These errors can be used to both discover and resolve issues on your computers, preventing downtime.
With Microsoft forcing DCOM hardening soon, it is important to ensure that all devices, services, and applications using DCOM will continue to work without issue. Using the Windows error events 10036, 10037, 10038, problems can be identified before DCOM hardening will be forced. When you identify issues it is important to contact the vendor or manufacturer as soon as possible to resolve the issue before these changes are forced on all Windows devices. Read more about the DCOM hardening changes and the effect it can have on your IT environment in our DCOM Hardening pro tips blog post.
The chart below provides an overview of the number of times Windows event ID 10036, 10037, or 10038 has occurred on devices in the last 7 days. The report can be modified to show a longer period of time by replacing «GetDate() – 7» with a higher number of days.
To use this in a chart widget, prefix the report name with «Chart:» and select it in the chart report widget found on a dashboard.
DCOM Hardening Error Events Chart Query
Select Distinct Top 1000000 tblAssets.AssetName,
Count(tblNtlog.TimeGenerated) As Instances
From tblAssets
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Where tblNtlog.TimeGenerated > GetDate() - 7 And (tblNtlog.Eventcode = 10036 Or
tblNtlog.Eventcode = 10037 Or tblNtlog.Eventcode = 10038 Or
tblNtlog.Eventcode = 10028)
Group By tblAssets.AssetName