RE: Auditing enabled but Logon Failures not showing up
From: dave kleiman (dave_at_netmedic.net)
Date: 10/21/03
- Previous message: Laura A. Robinson: "RE: Terminal Services Manager as a non-admin user."
- In reply to: thenile_at_ziplip.com: "Auditing enabled but Logon Failures not showing up"
- Next in thread: thenile_at_ziplip.com: "RE: Auditing enabled but Logon Failures not showing up"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <thenile@ziplip.com>, <focus-ms@securityfocus.com> Date: Tue, 21 Oct 2003 15:02:04 -0400
Thenile,
Try looking it up with the words "Security Event Unsuccessful Logon Attempt"
in the advanced search on MSFT support, it should yield what you are looking
for. That would be the proper terminology in MSFT's world. Make sure you
set it to ALL OF THE WORDS entered, or you might end up with a google of
hits.
If you do not find the answer reply back and maybe I can find something for
you.
_____________________
Dave Kleiman
secure@netmedic.net
www.SecurityBreachResponse.com
"High achievement always takes place in the framework of high expectation."
Jack Kinder
-----Original Message-----
From: thenile@ziplip.com [mailto:thenile@ziplip.com]
Sent: Monday, October 20, 2003 22:23
To: focus-ms@securityfocus.com
Subject: Auditing enabled but Logon Failures not showing up
Hi,
Two NT 4 (SP 6 a) domains with a trust relationship from one to the other.
If a user (running win 2k SP4 with latest updates) tries to logon to either
of the domains with a wrong password, no failure events show up on the PDC
or BDC.
Successful logons/log offs do show up in the event logs.
However if a user tries to logon to his specific machine (Choose this
machine form the drop down menu) with a wrong password a failure event shows
up in the PDC logs.
Auditing is enabled on both domains and log on and log offs success and
failures are both ticked in the auditing section on both domains.
I am not sure if this started happening recently or it has always been like
this.
Any ideas would be greatly appreciated.
Thank you.
thenile
---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
---------------------------------------------------------------------------
---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
---------------------------------------------------------------------------
- Previous message: Laura A. Robinson: "RE: Terminal Services Manager as a non-admin user."
- In reply to: thenile_at_ziplip.com: "Auditing enabled but Logon Failures not showing up"
- Next in thread: thenile_at_ziplip.com: "RE: Auditing enabled but Logon Failures not showing up"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
