W2K3 R2 is not logging/auditing failure events



Hello.

I'm running 2003 Server R2 here. I went to Default Domain Security
Settings, Local Policies, Audit Policy, Audit Logon Events ***AND***
Audit Account Logon Events, and selected audit success and failure.

I then did a gpupdate /force.

Now, from any host, when I supply a bad password or a username which
does not exist in AD, I don't get the failure event(s) in the security
log; only a user successfully logging on to the system gets logged.

What else am I missing? I want to track bad logon attempts and see
failures for event IDs 675 and 672.

Thanks!
