Re: Account Logon Time Restriction
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Thu, 9 Nov 2006 19:44:30 -0700
If you are seeing this in the ISA logs then, since ISA rather than Windows
is intercepting the attempt, you probably should post to an ISA newsgroup
where someone may give you some ISA specific ideas on what to do to
collect more info.
In general, Windows failed event logging for Windows 2000 is not of
much use in determining the origin of an attempt unless you happen to
recognize the Netbios names for the origin that do get recorded in the
security log failure events.
"James B" <JamesB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D85BE182-81B4-4EE4-A4BE-207F3F7DEFEA@xxxxxxxxxxxxxxxx
Hi,
I just noticed a similar problem, though I have no idea where to look for
the details on what the source of this is. I see the failed logins listed
in
the ISA Security Report. Where do I find the details/IP address of the
source
of these failed logins?
BTW, we have SBS 2000 if that makes a difference.
Thanks,
James
"LDD15" wrote:
We are operating SBS2003. Today I noted that there where over 1000 login
failures for one particular user. This user was not on the premisis
during
the hours when these occured. I noticed that the Failure audit had a type
3
which indicates that someone tried to log on over the network. Another
interesting point is that the failure audit indicates that the user name
and
password were correct. I assume however, based upon the quantity of
attemtpts
that someone is doing this with a script. How should I proceed?
Thanks.
.
- Prev by Date: Missing "Pre-Windows 2000 Compatibilty Acces" Buit-in Group
- Next by Date: Re: Set ownership
- Previous by thread: Missing "Pre-Windows 2000 Compatibilty Acces" Buit-in Group
- Next by thread: Re: Account Logon Time Restriction
- Index(es):
Relevant Pages
|
|
