Re: Event log for disabled account
From: Troy Tate (ttate_nospam_at_ctscorp.com)
Date: 07/30/04
- Next message: Jerry Bryant [MSFT]: "Microsoft Security Bulletin for July 30, 2004"
- Previous message: Miha Pihler: "Re: EFS certificate renewal"
- In reply to: Roger Abell: "Re: Event log for disabled account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Jul 2004 09:57:23 -0500
This is on the PDC and it is processing the authentication. So, I
would expect the event to be logged on this server.
On Fri, 30 Jul 2004 07:38:23 -0700, "Roger Abell" <mvpNOSpam@asu.edu>
wrote:
>Yes, account lockout can be audited if you have the
>audit policy set to log the logon events. You will find
>the records at the machine where the authentication was
>processed. For example, you may need to check the
>logs of all domain controllers using a tool such as
>EventCombMT released by MS
- Next message: Jerry Bryant [MSFT]: "Microsoft Security Bulletin for July 30, 2004"
- Previous message: Miha Pihler: "Re: EFS certificate renewal"
- In reply to: Roger Abell: "Re: Event log for disabled account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
