Event Log messages for failed logon attempts
From: Sean Warnock (swarnock_at_warnocksolutions.com)
Date: 10/25/03
- Previous message: Frank Heyne: "RE: Auditing enabled but Logon Failures not showing up"
- Next in thread: Drew Hunt: "RE: Event Log messages for failed logon attempts"
- Maybe reply: Drew Hunt: "RE: Event Log messages for failed logon attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 25 Oct 2003 07:59:11 -0700 To: <FOCUS-MS@SECURITYFOCUS.COM>
I am currently working on a small script that will parse the
event logs of a Windows NT/2000/2003 domain controller looking for
failed logon attempts. I am currently aware of event log message 529.
I believe that I have been able to generate several other error messages
for failed logon attempts depending upon what a client is using to
authenticate with (ex. Kerberos, NTLM, etc...). Does anyone have any
other input or articles that they would suggest as the only KB article
that I have found so far was 299475.
Sean
---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
---------------------------------------------------------------------------
- Previous message: Frank Heyne: "RE: Auditing enabled but Logon Failures not showing up"
- Next in thread: Drew Hunt: "RE: Event Log messages for failed logon attempts"
- Maybe reply: Drew Hunt: "RE: Event Log messages for failed logon attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
