Re: Audit Logon Failures
From: Carolyn (Carolyn_at_discussions.microsoft.com)
Date: 04/23/05
- Next message: SASHA: "PASSWORD PROBLEM PLEASEEE HELPPPPPP"
- Previous message: Steven L Umbach: "Re: someone accessing my computer"
- In reply to: Steven L Umbach: "Re: Audit Logon Failures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 22 Apr 2005 17:29:53 -0700
Thank you very much, I will try this.
-- Carolyn
"Steven L Umbach" wrote:
> For a domain you want to enable auditing of "account logon" events for
> success and failure in Domain Controller Security Policy. Then you have to
> look in the security logs of all the domain controllers for the events you
> want to track. You can use Event Comb [free from MS] to make it a lot easier
> to do centralized. Try doing a few test failed logons for a domain user to
> see if the failure events are recorded. If you want to record logon failures
> to the "local" accounts on a domain computer you will need to enable
> auditing of logon events for the domain computers. Be sure to increase the
> size of your security log quite a bit from default to at least 10MB. The
> link below may help. --- Steve
>
> http://www.microsoft.com/technet/security/prodtech/windows2000/secmod144.mspx
>
> "Carolyn" <Carolyn@discussions.microsoft.com> wrote in message
> news:D5E8F86A-E8F9-47F2-8592-AD319439C96C@microsoft.com...
> >I am trying to audit logon successes and failures for my Windows 2003
> >domain.
> > At the domain controller, the Security log is set to audit logon successes
> > and failures, but only logon successes show up in the log.
> >
> > -- Carolyn
>
>
>
- Next message: SASHA: "PASSWORD PROBLEM PLEASEEE HELPPPPPP"
- Previous message: Steven L Umbach: "Re: someone accessing my computer"
- In reply to: Steven L Umbach: "Re: Audit Logon Failures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
