Is there a way to track down what's computer had failed logon attempts in NT 4.0?

Discussion in 'Security Software' started by kim, Feb 3, 2004.

  1. kim

    kim Guest

    Hi all,

    Recently we have a lot of account locked out in Windows NT 4.0, we
    think that the user are play around with someone else account.

    Is there a way that we can track what's computer had bad logon
    attempts? And what time the bad logon attempts occur?

    In our account policy, we set 10 for Account Lockout Threshold and 5
    minutes for Reset Account after

    Kim,
     
    kim, Feb 3, 2004
    #1
    1. Advertisements

  2. kim

    S. Pidgorny Guest

    Hi Kim,

    Enabling audit for failed logon attempts will be a good start. That will
    give you time and client computer name.
     
    S. Pidgorny, Feb 3, 2004
    #2
    1. Advertisements

  3. kim

    kim Guest

    hi Svyatoslav,

    how can i audit the failed logon attempts??
    i'm still a baby in Network field..used to be a programmmer...

    Anyway, i checked the Audit policy(User manager ->Policies->audit), we
    had all the events below checked in Failure column:

    *Logon/Logoff
    *File And Object Access
    *Use Of User Rights
    *User And Group Management
    *Security Policy Changes
    *Restart, Shutdown, And System workstation.
    *Process Tracking

    Is any of these check box is audit "Failed" login attempts ?



    Thanks alot for your help,
    Kim,
     
    kim, Feb 3, 2004
    #3
  4. kim

    S. Pidgorny Guest

    That's Logon/Logoff. Now go to the Event Viewer, security log - you should
    see something there.
     
    S. Pidgorny, Feb 4, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.