# /usr/dist/sso/rpcclient -I $HOST -U $USERNAME%$PASSWORD -c "eventlog_poll -m STDOUT -i -q security" \\\\$HOST

Notes:

• Command text may wrap to a new line, but the command is a single entry.
• The \ characters before "$Host" must be escaped and a total of four \ is correct.

If this command fails, ensure that the password is not using any special characters like # $ ! ^ @

• This command cannot be used with a password that contains special characters, so you must change the password to not use these characters in order for the command to work.

To exit the program press CTRL+C

You can use the Administrator account or a Domain Administrator to test whether the connection is working only.

For security reasons DO NOT USE AN ACCOUNT WITH DOMAIN ADMINISTRATOR PRIVILEGES.

Examples:

The result of the command should be similar to the following:

# /usr/dist/sso/rpcclient -I 10.6.1.230 -U administrator%N0tYourPa$$word -c "eventlog_poll -m STDOUT -i -q security" \\\\10.6.1.230
Login N: 2133128 T: 540 User: SUP-DC$ Host: (null) IP: 127.0.0.1
Login N: 2133131 T: 528 User: adavies Host: SUP-DC IP: 10.244.1.186

User: SUP-DC$ Host: (null) - is a Computer login
User: adavies Host: SUP-DC - is a user login in to SUP-DC$ 

The following error results from an incorrect password:

# /usr/dist/sso/rpcclient -I 10.6.1.230 -U administrator -c "eventlog_poll -m STDOUT -i -q security" \\\\10.6.1.230
Password:
failed session setup with NT_STATUS_LOGON_FAILURE Cannot connect to server. Error was NT_STATUS_LOGON_FAILURE 

The following error results if the user does not have access to read the security logs (The password is correct).

# /usr/dist/sso/rpcclient -I 10.6.1.230 -U luser -c "eventlog_poll -m STDOUT -i -q security" \\\\10.6.1.230
Password:
result was NT_STATUS_ACCESS_DENIED