Re: Default Domain Policy vs Default Domain Controller Policy




"Tyler Cobb" <rtcobb@xxxxxxxxxxxxx> wrote in message
news:C2X_e.4645$Qb6.4620@xxxxxxxxxxxxxxxxxxxxxxxxx
> I'm reading along in the 70-290 book and there's an exercise that tells me
> to enable the Audit Accounts Logon Events and the Audit Logon Events
> policies in the Default Domain Controller Policy area. After that, they
> wanted me to try to log in with the wrong password on an account and then to
> come back on as Administrator and check out the Security Log in Event
> Viewer. I did all this but I noticed that it does not record any invalid
> logon attempts. It did, however, show the successful ones. I have verified
> that the policies are configured to audit both successes and failures.

If this is showing the successful ones, are you sure you just didn't check
success and not check the failure box?



>
> Out of curiosity, I went into the Default Domain Policy and enabled the
> same audit policies in there. When I viewed the Security Logs, I could see
> invalid logon attempts. Could the book be wrong or is there something I'm
> not understanding in a real scenario? I just have one computer setup with
> Windows Server 2003 for lab exercises. I was trying to generate invalid
> logins from the console. It's not networked to anything at the moment. Would
> it have worked if it were not a PDC on a one-computer network? Would it have
> been different if I tried to logon from a workstation?
>
> That brings me to another question if anyone has the time. I noticed that
> there seems to be an excessive pause when making some choices in Active
> Directory. I'm assuming the computer is trying to talk to something on the
> network that isn't there and timing out. Any idea what would be causing
> this?
>
> Thanks!
>

