Auditing Logon Failures for Win2K clients in a NT Domain
From: Jane Lecian (Jane.Lecian@analexcleveland.com)
Date: 10/07/02
From: Jane.Lecian@analexcleveland.com (Jane Lecian) Date: 7 Oct 2002 11:35:27 -0700
Hello All,
I have discovered a problem in our production domain. It is an NT 4.0
domain with NT 4.0 with sp6a on the DCs. We have converted all of
the clients to Win2K with sp2. We have auditing of both logon
successes and failures enabled on the DCs. When a user from a Win2K
workstation mistypes the password, nothing is logged to the security
log on the DCs. From the old security logs prior to the workstation
upgrade, we were getting Event ID 529's in the Security event log when
a user mistyped a password.
If the Win2K user mistypes the password enough times to lock out his
account, we do get an Event ID 644 in the security log, but still no
Event ID 529's are logged.
As a test I did enable Audit Logon Events (both failure & success) on
a workstation, and then mistyped the password. The local workstation
security event log does show a 529 error, but I really want the error
message to show in the DC's event logs. It is not practical (or maybe
even possible) to periodically check the event logs on all the
workstations in the domain on a periodic basis.
I have duplicated this behavior on a small test network that I set up.
A single NT 4.0 PDC, & 1 Win2K workstation.
I have been unsuccessful at locating any information in MS Knowledge
Base on this problem. I have only found Q172402 Auditing Logon
Failures Does Not Log Remote Failures which refers me to Q182918 which
says that "Microsoft recommends that you install Windows NT 4.0 Service
Pack 4 to correct this problem". As we are running sp6a and I
understand that service packs are cumulative, I feel that there must
be another solution I am looking for. To be on the safe side, I did
reinstall sp6, but it did not resolve the problem.
Can someone kindly point me in the right direction to the solution? I am
sure that I am overlooking something simple.
Thanks,
Jane Lecian
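
The symptom described in the message above (Event ID 644 lockouts on the DC with no Event ID 529 failures before them) can be checked for mechanically. The following is an added example, not part of the original post: it assumes the DC Security log has been exported to CSV with the columns timestamp, event ID, account, and the function names and sample rows are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of a DC Security log export (assumed layout:
# timestamp, event ID, account). Not real log data.
SAMPLE_DC_LOG = """\
2002-10-07 09:00:05,528,alice
2002-10-07 09:01:10,529,bob
2002-10-07 09:01:20,529,bob
2002-10-07 09:01:31,529,bob
2002-10-07 09:01:32,644,bob
2002-10-07 09:30:00,528,carol
2002-10-07 09:45:12,644,carol
"""

LOGON_FAILURE = 529   # unknown user name or bad password
ACCOUNT_LOCKED = 644  # user account locked out


def parse_log(text):
    """Return sorted (timestamp, event_id, account) tuples, skipping malformed rows."""
    records = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue
        try:
            stamp = datetime.strptime(row[0].strip(), "%Y-%m-%d %H:%M:%S")
            event_id = int(row[1])
        except ValueError:
            continue
        records.append((stamp, event_id, row[2].strip().lower()))
    return sorted(records)


def lockouts_without_failures(records, window_minutes=30):
    """List (timestamp, account) for each 644 with no 529 for that account in the window before it."""
    window = timedelta(minutes=window_minutes)
    gaps = []
    for stamp, event_id, account in records:
        if event_id != ACCOUNT_LOCKED:
            continue
        seen = [s for s, e, a in records
                if e == LOGON_FAILURE and a == account and stamp - window <= s <= stamp]
        if not seen:
            gaps.append((stamp, account))
    return gaps


if __name__ == "__main__":
    for stamp, account in lockouts_without_failures(parse_log(SAMPLE_DC_LOG)):
        print(f"{stamp} lockout for {account} with no 529 recorded on the DC")
```

A lockout reported here means the bad-password attempts that caused it were not recorded in the log that was examined, which is the auditing gap the message describes.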