Normal Logon Failure Audits?

[Eric]

Finally have the dialup lockup problem resolved, now on to the logon audits.

I've been told and read elsewhere that the numerous "failed logon" attempts
by advapi in the security log are simply just attempts by winxp itself to
login to existing accounts with a blank password. I take it that if a blank
password is found, then winxp will change the way logins and fast-switching
of users are presented?

I'm using the "Welcome screen" for logins.

I can live with that. It seems a little "messy" though. I would prefer the
security log to ignore that.

Found an article in MS's support database on it. Going to give that a try.

http://support.microsoft.com/default.aspx?scid=kb;en-us;305822&Product=winxp

 

[Eric]

Finally have the dialup lockup problem resolved, now on to the logon
audits.

I've been told and read elsewhere that the numerous "failed logon" attempts
by advapi in the security log are simply just attempts by winxp itself to
login to existing accounts with a blank password. I take it that if a blank
password is found, then winxp will change the way logins and fast-switching
of users are presented?

I'm using the "Welcome screen" for logins.

I can live with that. It seems a little "messy" though. I would prefer the
security log to ignore that.

Found an article in MS's support database on it. Going to give that a try.

http://support.microsoft.com/default.aspx?scid=kb;en-us;305822&Product=winxp

Discovered I already had SP1 and all the hotfixes afterwards installed, so
not going to go any further.

Also, from a deja search, found an article posted by Eric Fritzgerald at MS
stating:

"I'm working with the shell team to change this behavior, but it's unlikely
to change until Longhorn. The thought is that the intersection of (users
who use the welcome screen) + (users who audit) is small, and changes to the
logon components can be destabilizing."

I guess I'll just live with it...