Re: can Windows 2000 Server lbe configured to og IP address in the event log?

From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 28 Jan 2007 21:03:05 -0600

As far as I know there is no way to do this. What you may want to try is to
use a personal firewall that has good logging - something like Sygate [if
you still can find it]. You could even configure the firewall to not do any
filtering but just do the logging. I the attempts are coming from outside
your network check your firewall logs and correlate firewall log entries
with the timestamps of the logon failures and of course have the firewall
and computer to be in synch time wise to make it easier.

Steve

http://www.tucows.com/preview/213160

"Bill" <b@xxxxx> wrote in message
news:1runr2926lnes3585s8smt5pv31qmnt4n8@xxxxxxxxxx

Windows server experts:

I know that Windows 2003 Server will log the IP of a user trying to logon
with
a phony username or bad password. But, 2000 Server does not. Is there any
way
to get 2000 to do this?

II am trying to identify a hacked that repeatedly tries to logon.

TIA
Bill

Follow-Ups:
- Re: can Windows 2000 Server lbe configured to og IP address in the event log?
  - From: Bill

References:
- Help: can Windows 2000 Server lbe configured to og IP address in the event log?
  - From: Bill

Prev by Date: Re: Safe deletion of old user details ?
Next by Date: Re: share Permissions problem
Previous by thread: Help: can Windows 2000 Server lbe configured to og IP address in the event log?
Next by thread: Re: can Windows 2000 Server lbe configured to og IP address in the event log?
Index(es):
- Date
- Thread

Relevant Pages

Re: CEICW fails at firewall config
... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ...
(microsoft.public.windows.server.sbs)
Re: Recycler security issues on IIS server
... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ...
(microsoft.public.inetserver.iis.security)
Re: Interpreting Security Audit Events
... messages were logged by our Exchange server which makes me ... server is not exposed to the Internet, ... The firewall won't have logged communication it ... the logon process identifies which system component ...
(microsoft.public.security)
Re: WebDAV problem with digest authentication behind firewall
... I'm using IIS 6.0 on a windows 2003 enterprise server which is member of a windows 2000 ads. ... is the one from inside the firewall. ... > connection and they both got a logon box. ...
(microsoft.public.inetserver.iis)
Re: event id 529 logon type 3 - lots of them
... What server applications were running on this server - IIS, Exchange,?? ... If you have auditing of account logon events enabled ... in Domain Controller Security policy you would want to check the security ... to check your firewall for proper configuration and you can go to a self ...
(microsoft.public.win2000.security)