RE: Auditing enabled but Logon Failures not showing up

From: dave kleiman (dave_at_netmedic.net)
Date: 10/21/03

  • Next message: Jim Harrison (ISA): "RE: Terminal Services Manager as a non-admin user."
    To: <thenile@ziplip.com>, <focus-ms@securityfocus.com>
    Date: Tue, 21 Oct 2003 15:02:04 -0400
    
    

    Thenile,

    Try looking it up with the words "Security Event Unsuccessful Logon Attempt"
    in the advanced search on MSFT support, it should yield what you are looking
    for. That would be the proper terminology in MSFT's world. Make sure you
    set it to ALL OF THE WORDS entered, or you might end up with a google of
    hits.

    If you do not find the answer, reply back and maybe I can find something for
    you.

     
    _____________________
    Dave Kleiman
    secure@netmedic.net
    www.SecurityBreachResponse.com

    "High achievement always takes place in the framework of high expectation."
    Jack Kinder

     

    -----Original Message-----
    From: thenile@ziplip.com [mailto:thenile@ziplip.com]
    Sent: Monday, October 20, 2003 22:23
    To: focus-ms@securityfocus.com
    Subject: Auditing enabled but Logon Failures not showing up

    Hi,

    Two NT 4 (SP 6 a) domains with a trust relationship from one to the other.
    If a user (running Win 2k SP4 with latest updates) tries to log on to either
    of the domains with a wrong password, no failure events show up on the PDC
    or BDC.

    Successful logons/log offs do show up in the event logs.
    However, if a user tries to log on to his specific machine (choose this
    machine from the drop-down menu) with a wrong password, a failure event shows
    up in the PDC logs.

    Auditing is enabled on both domains and log on and log offs success and
    failures are both ticked in the auditing section on both domains.

    I am not sure if this started happening recently or it has always been like
    this.

    Any ideas would be greatly appreciated.

    Thank you.

    thenile


