Bad Password Attempts not logged

Scott Moravec

I have the following setup under Domain Security Policy |
Security Settings | Local Policies | Audit Policy:

Audit account logon events: Failure
Audit logon events: Failure

When I try to fail a logon, the user logon account gets
locked but there is no record of it in the local PC's
security event log (nor on the DC event log, which I
believe it won't anyway).

I've restarted the target machine and get the same issue.

Any ideas?
 
On one of the domain computers, view the Local Security Policy for auditing to
see what the effective settings are. If you have logon events enabled, you
should see the failures on domain machines in their security logs. For
domain controllers, you need to enable auditing at the Domain Controller
Security level. --- Steve
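
The check described in the reply above, as an added PowerShell example that is not part of the original thread: it shows the effective audit settings on the machine it runs on, which GPOs supplied them, and any recent failure events. It assumes Windows Vista / Server 2008 or later (where `auditpol.exe` and the 46xx/47xx event IDs exist), an English-language system, and an elevated prompt; the one-hour window is an arbitrary choice.

```powershell
# Added example, not from the thread. Run elevated, first on the workstation
# where the bad password was typed, then on a domain controller.

# 1. Effective audit policy on THIS machine, after all GPOs have been applied.
#    "No Auditing" or "Success" on these rows means failures are not recorded here,
#    whatever the Domain Security Policy says.
auditpol /get /category:* |
    Select-String -Pattern 'Logon|Credential Validation|Kerberos Authentication|User Account Management'

# 2. Which GPOs were applied to the computer. A DC takes its audit settings from
#    policy linked to the Domain Controllers OU, so a domain-level setting can be
#    overridden there.
gpresult /scope computer /r

# 3. Failure events from the last hour (window is an assumption; widen as needed).
#    4625 = failed logon, written on the machine where the logon was attempted
#    4771 = Kerberos pre-authentication failed, written on the DC
#    4776 = NTLM credential validation, written on the DC (or locally for local accounts)
#    4740 = account locked out, written on the DC (needs account management auditing)
$ids   = 4625, 4771, 4776, 4740
$since = (Get-Date).AddHours(-1)

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = $ids
    StartTime = $since
} -ErrorAction SilentlyContinue   # Get-WinEvent raises an error when nothing matches

if (-not $events) {
    Write-Output "No matching events on $env:COMPUTERNAME since $since; compare with the auditpol output above."
} else {
    $events |
        Select-Object TimeCreated, Id, MachineName,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Sort-Object TimeCreated |
        Format-Table -AutoSize
}
```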
 