Bad PAssword Attempts not logged

S

Scott Moravec

I have the following setup user Domain Security Policy |
Security Settings | Local Policies | Audit Policy:

Audit account logon events : Failure
Audit Logon events: Failure

When a try to fail a logon, the user logon account gets
locked but there is no record of it in the local PCs
security event log (nor on the DC event log, which I
believe it won't anyway).

I've restarted the starget machine and get the same issue.

Any ideas?
 
S

Steven L Umbach

On one of the domain computer view the Local Security Policy for auditing to
see what the effective settings are. If you have logon events enabled, you
should see the failures on domain machines in their security logs. For
domain controllers, you need to enble auditng at the Domain Controller
Security level. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

537 errors due to manual services being started 0
Failure audits not being logged 1
Unexplained 540 Events in Security log on W2K workstation in a dom 0
Audit Logon (success an failure) 1
Audit Account Logon Events 3
Auditing Logon Events 2
Audit Logon Events vs. Audit Account Logon Events 1
Authentication Auditing 5

Top