Re: auditing logging on

From: Steven L Umbach (n9rou_at_comcast.net)
Date: 07/30/03


Date: Tue, 29 Jul 2003 23:41:17 GMT


It would only show on a domain controller if you try to use a domain account to
log onto a domain workstation - not the local account. The place to enable auditing
of security policy for a domain controller is in the Domain Controller Security
Policy [not Domain Security Policy]. You can view the Local Security Policy of the
domain controller for "effective" settings of auditing levels. --- Steve

"Calvin Lai" <Calvin.Lai@shaw.ca> wrote in message
news:MPG.199089ed45c6da799896b8@shawnews.ed.shawcable.net...
> Maybe I'm doing something wrong here...
>
> What event id should I be looking for in the security log on a DC? I
> enabled AUDIT ACCOUNT LOGON EVENT and to log both failure and success.
> I tried my user account on a workstation (tried wrong password and then
> tried the right password). But nothing got logged on the DC saying I
> failed to log on and I successfully logged on to the domain.
>
> In article <V0yVa.27898$BM.9217711@newssrv26.news.prodigy.com>,
> sumbach@ameritech.net says...
> > See the following links. You have your lockout set very low. You may
> > want to raise it to ten which is the minimum recommended by Microsoft. One
> > wrong logon can generate multiple failure events if you view the security
> > logs for failed events after you enable auditing for it. You can use
> > filtered view in Event Viewer to look for specific events or use something
> > like EventComb. -- Steve
> >
> > http://support.microsoft.com/?kbid=300549
> > http://www.ntsecurity.net/Articles/Index.cfm?ArticleID=9633
> >
> > "Calvin Lai" <Calvin.Lai@shaw.ca> wrote in message
> > news:MPG.1990491c79753fa49896b7@shawnews.ed.shawcable.net...
> > > Hi.
> > >
> > > What I want to do is keep track of which domain users are typing in
> > > their passwords wrong or getting their account locked out after 3 tries
> > > when they try to log on to the domain.
> > >
> > > This is a win 2000 domain. I'm not too sure where the auditing to
> > > enabled is.
> >
> >
> >
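
Added example, not part of the original thread: a small Python script that reads a constructed export of a domain controller's security log, collapses the bursts of failure events that a single wrong password can produce, and reports failed attempts and lockouts per user. The event IDs (675, 681, 644 on Windows 2000), the CSV layout, the account names and the 5-second burst window are assumptions; the thread names none of them.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Windows 2000 DC security-log event IDs (assumed here, not named in the thread):
# 675 = Kerberos pre-authentication failed, 681 = NTLM logon failed,
# 644 = account locked out (logged under "account management" auditing).
FAILURE_IDS = {"675", "681"}
LOCKOUT_ID = "644"
BURST = timedelta(seconds=5)  # assumed window for events caused by one bad password

# Constructed sample export: time,event_id,user,workstation
SAMPLE = """\
2003-07-29 09:00:01,675,jdoe,WS01
2003-07-29 09:00:01,681,jdoe,WS01
2003-07-29 09:00:02,675,jdoe,WS01
2003-07-29 09:00:40,675,jdoe,WS01
2003-07-29 09:01:30,675,jdoe,WS01
2003-07-29 09:01:31,644,jdoe,WS01
2003-07-29 09:05:00,672,asmith,WS02
2003-07-29 09:06:00,675,bkhan,WS03
"""

def summarize(export_text):
    """Return {user: {"attempts": n, "raw_failures": n, "locked_out": bool}}."""
    stats = defaultdict(lambda: {"attempts": 0, "raw_failures": 0, "locked_out": False})
    last_failure = {}
    rows = sorted(csv.reader(StringIO(export_text)), key=lambda r: r[0])
    for when, event_id, user, _workstation in rows:
        user = user.lower()
        if event_id == LOCKOUT_ID:
            stats[user]["locked_out"] = True
        elif event_id in FAILURE_IDS:
            ts = datetime.strptime(when, "%Y-%m-%d %H:%M:%S")
            stats[user]["raw_failures"] += 1
            # A failure more than BURST after the previous one is a new attempt.
            if user not in last_failure or ts - last_failure[user] > BURST:
                stats[user]["attempts"] += 1
            last_failure[user] = ts
    return dict(stats)

if __name__ == "__main__":
    for user, s in summarize(SAMPLE).items():
        print(user, s)
```

Comparing `raw_failures` with `attempts` shows how far the raw event count overstates the number of wrong passwords actually typed, which matters when the lockout threshold is as low as 3.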


