Auditing Logon Events
From: Kevin Longley (kwlongley_at_cirtronics.com)
Date: 02/06/04
- Next message: Grady Vogt: "2000 Haning after logon."
- Previous message: David H. Lipman: "Re: turning off OS selection screen"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 6 Feb 2004 13:13:46 -0500
Presently when we audit failed logon events, at the active directory domain
controller level, we receive security events when any user that has a
Windows 98 computer mistypes their logon or password id. However the
auditing does not report any events if it is a Windows 2000 or Windows XP
computer and the user mistypes their logon or password id. In addition
whenever a user logs onto the domain using a Windows 2000 or Windows XP
computer the following event is recorded in the Domain Controllers security
log. If anyone has any suggestions I would appreciate it.
EVENT # :120
EVENTLOG :Security
EVENT TYPE :AUDIT FAILURE (16)
SOURCE :Security
CATEGORY :Logon/Logoff
EVENT ID :537
USER :NT AUTHORITY\SYSTEM
TIME : 2/6/2004 12:49:48 PM
MESSAGE :Logon Failure:
Reason: An unexpected error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
- Next message: Grady Vogt: "2000 Haning after logon."
- Previous message: David H. Lipman: "Re: turning off OS selection screen"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
