I am currently constructing a number of reports showing information relating to our domain controllers.
host=domaincontrollers* EventCode=>4944 OR EventCode<=4945 OR EventCode=4946 OR EventCode=4947 OR EventCode=4948 OR EventCode=4949 OR EventCode=4950 OR EventCode=4951 OR EventCode=4952 OR EventCode=4953 OR EventCode=4954 OR EventCode=4957 OR EventCode=4958
This report should list MPSSVC Rule-Level Policy Changes for the Windows Firewall on the domain controllers.
When there are ranges of event codes available (as above with EventCode 4944-4954) is there a better way to capture all events in a more efficient way?
Many thanks in advance for any help you can offer.