Re: How do I log Failed Logon attempts
From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 09/04/04
- Next message: Cary Shultz [A.D. MVP]: "Re: sub domain"
- Previous message: Cary Shultz [A.D. MVP]: "Re: Add Users"
- In reply to: Laura E. Hunter \(MVP\): "Re: How do I log Failed Logon attempts"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 3 Sep 2004 21:28:12 -0400
Laura,
Great answer. I would also suggest that the poster take a look at the
account lockout tools for some really neat and useful tools!
Cary
"Laura E. Hunter (MVP)" <hunter(nospamplease)@sfs.upenn.edu> wrote in
message news:ugBWrjCkEHA.536@TK2MSFTNGP11.phx.gbl...
> You can configure auditing of account logon events using Group Policy. To
> configure an audit policy setting for a domain controller:
> 1.. Click Start, point to Programs, point to Administrative Tools, and
> then click Active Directory Users and Computers.
> 2.. On the View menu, click Advanced Features.
> 3.. Right-click Domain Controllers, and then click Properties.
> 4.. Click the Group Policy tab, click Default Domain Controller Policy,
> and then click Edit.
> 5.. Click Computer Configuration, double-click Windows Settings,
> double-click Security Settings, double-click Local Policies, and then
> double-click Audit Policy.
> 6.. In the right pane, right-click Audit Directory Services Access, and
> then click Properties.
> 7.. Click Define These Policy Settings, and then click to select one or
> both of the following check boxes:
> a.. Success: Click to select this check box to audit successful
attempts
> for the event category.
> b.. Failure: Click to select this check box to audit failed attempts
for
> the event category.
> 8.. Right-click any other event category that you want to audit, and
then
> click Properties.
> 9.. Click OK.
> 10.. Because the changes that you make to your computer's audit policy
> setting take effect only when the policy setting is propagated or applied
to
> your computer, complete either of the following steps to initiate policy
> propagation:
> a.. Type gpupdate /Target:computer at the command prompt, and then
press
> ENTER.
> b.. Wait for automatic policy propagation that occurs at regular
> intervals that you can configure. By default, policy propagation occurs
> every five minutes.
> 11.. Open the Security log to view logged events.
>
> Note If you are either a domain or an enterprise administrator, you can
> enable security auditing for workstations, member servers, and domain
> controllers remotely.
> http://support.microsoft.com/default.aspx?kbid=814595
>
> --
> ******************************
> Laura E. Hunter - MCSE, MCT, MVP
> Replies to newsgroup only
>
>
> "AW" <anonymous@discussions.microsoft.com> wrote in message
> news:404001c49012$0bcaaee0$a601280a@phx.gbl...
> > Hi, we have 2 Windos 2003 DC's and need to log when a
> > user locks there account out, or enters the wrong
> > password. How can I do this?
> >
> > Regards
> >
> > AW
>
>
- Next message: Cary Shultz [A.D. MVP]: "Re: sub domain"
- Previous message: Cary Shultz [A.D. MVP]: "Re: Add Users"
- In reply to: Laura E. Hunter \(MVP\): "Re: How do I log Failed Logon attempts"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
