I need to know who has log on to the domain

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I want to audit for failed log on attempts on the domain. Do i set this policy in the default DC container, or should i set it in the default domain policy? and what exactly should i change for this?

Also I have jsut taken over the role as network admin for my company, and I have a whole new respect for this type of work. The previous admin did not rename the administrator account on the domain, should this be done?

Thanks Skip
 
Skip said:
I want to audit for failed log on attempts on the domain. Do i set this
policy in the default DC container, or should i set it in the default domain
policy? and what exactly should i change for this?

On the DC container. This article gives you more details.
http://support.microsoft.com/?id=300549
Also I have jsut taken over the role as network admin for my company, and
I have a whole new respect for this type of work. The previous admin did not
rename the administrator account on the domain, should this be done?

Renaming the account has questionable security value as the SID associated
with the admin account remains the same even after you rename it so a savvy
attacker will not be fooled. Having said that, it may stop people casually
trying to guess the admin password so I would say it is worth doing. Some
admins also create a dummy Administrator account that is only a member of
the guests group but again this is just to fool the casual attacker.
 
Back
Top