Re: Event Log messages for failed logon attempts

From: Erick Kinnee (erick.kinnee_at_fortworthgov.org)
Date: 10/31/03

  • Next message: Ken Schaefer: "Re: IIS 6 features" 
    To: Sean Warnock <swarnock@warnocksolutions.com>
Date: Thu, 30 Oct 2003 19:03:26 -0600

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/518.asp
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bestprac/bpent/sec3/monito.asp

    These might help, I refer to them quite often.

    On Sat, 2003-10-25 at 09:59, Sean Warnock wrote:
    > I am currently working on a small script that will parse the
    > event logs of a Windows NT/2000/2003 domain controller looking for
    > failed logon attempts. I am currently aware of event log message 529.
    > I believe that I have been able to generate several other error messages
    > for failed logon attempts depending upon what a client is using to
    > authenticate with (ex. Kerberos, NTLM, etc...). Does anyone have any
    > other input or articles that they would suggest as the only KB article
    > that I have found so far was 299475.
    >
    > Sean
    >
    > ---------------------------------------------------------------------------
    > FREE Whitepaper: Better Management for Network Security
    >
    > Looking for a better way to manage your IP security?
    > Learn how Solsoft can help you:
    > - Ensure robust IP security through policy-based management
    > - Make firewall, VPN, and NAT rules interoperable across heterogeneous
    > networks
    > - Quickly respond to network events from a central console
    >
    > Download our FREE whitepaper at:
    > http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
    > --------------------------------------------------------------------------- 

    -- 
Erick Kinnee
City of Fort Worth, Texas
IT Solutions / Network Security
Desk: 817.392.6839
Cell: 817.929.0995

  • Next message: Ken Schaefer: "Re: IIS 6 features"