Re: Auditing Logon events on Windows 2003 DC
From: Andy Barkl [MVP] (abarkl_at_community.nospam)
Date: 10/19/04
- Next message: Mike LP: "Windows 2003 Share & Macintosh G3 OS X version 10.2.8"
- Previous message: Tomasz Onyszko: "Re: Auditing Logon events on Windows 2003 DC"
- In reply to: rhubman16: "Auditing Logon events on Windows 2003 DC"
- Next in thread: rhubman16: "Re: Auditing Logon events on Windows 2003 DC"
- Reply: rhubman16: "Re: Auditing Logon events on Windows 2003 DC"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 19 Oct 2004 14:24:18 -0700
"rhubman16" <rhubman16@discussions.microsoft.com> wrote in message
news:45F22023-9200-42FF-B3A4-49E5B8411263@microsoft.com...
>I am trying to monitor logon failures on our domain controllers. I read
>that
> if you turn on the 'Audit Logon Events' policy on the DCs, you will get
> entries in the 500 range in the event viewer (ie. 539 account locked out).
>
> I dont get these entries I do get 675 errors but there are hundreds of
> them,
> it also enters one for bad passwords.
>
> Does anyone know what I am doing wrong?
>
> Thank you
This article lists the Account Logon events (6xx) and Audit Logon events
(5xx) which are different;
http://www.microsoft.com/technet/security/guidance/secmod128.mspx#EIAA
- Next message: Mike LP: "Windows 2003 Share & Macintosh G3 OS X version 10.2.8"
- Previous message: Tomasz Onyszko: "Re: Auditing Logon events on Windows 2003 DC"
- In reply to: rhubman16: "Auditing Logon events on Windows 2003 DC"
- Next in thread: rhubman16: "Re: Auditing Logon events on Windows 2003 DC"
- Reply: rhubman16: "Re: Auditing Logon events on Windows 2003 DC"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
