Re: Event log for disabled account
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 07/30/04
- Next message: Miha Pihler: "Re: EFS certificate renewal"
- Previous message: Jason Darst: "Re: EFS certificate renewal"
- In reply to: Troy Tate: "Event log for disabled account"
- Next in thread: Troy Tate: "Re: Event log for disabled account"
- Reply: Troy Tate: "Re: Event log for disabled account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Jul 2004 07:38:23 -0700
Yes, account lockout can be audited if you have the
audit policy set to log the logon events. You will find
the records at the machine where the authentication was
processed. For example, you may need to check the
logs of all domain controllers using a tool such as
EventCombMT released by MS
-- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "Troy Tate" <ttate_nospam@ctscorp.com> wrote in message news:ohhig0l624cvuuqutkcc1o3s3etacd7ct2@4ax.com... > When an account is disabled or locked out due to too many attempts > with an incorrect password, is this logged to any event log (WinNT4)? > I have tested locking an account and do not see any events being > logged. I would like to use some paging software to notify me in > advance that a user account is locked out prior to being called by the > user. > > Thanks for your assistance.
- Next message: Miha Pihler: "Re: EFS certificate renewal"
- Previous message: Jason Darst: "Re: EFS certificate renewal"
- In reply to: Troy Tate: "Event log for disabled account"
- Next in thread: Troy Tate: "Re: Event log for disabled account"
- Reply: Troy Tate: "Re: Event log for disabled account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
