Announcement

Collapse
No announcement yet.

auditing invalid login attempts

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • auditing invalid login attempts

    guys, I haven't done this in a while, I'm trying to audit invalid login attempts at the Domain Controller, but after editing the default Group Policy and turning on "Audit logon events" and "Audit account logon events" and checked failure, after that I refresh group policy with gpupdate /force, but I after making 4 invalid login attempt, I don't see the event ID anywhere in the security log.... could someone give me a hand with this?

    thanks

    -JV

  • #2
    Re: auditing invalid login attempts

    Did you edit the default domain or domain controller policy?

    If you edit the default domain policy it most likely won't be applied to a controller unless you've change the default setup. Make sure you've made the changes in the domain controller policy or the logging is going to happen at the machine that is applying that policy. Also, you can use Resultant Set of Policy to audit what policies are even being applied.
    Andrew

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: auditing invalid login attempts

      yes I edited the default policy... I thought that policy applies to everyone in the domain, even the DC... no, my intention is not to audit every single login in the network just important member servers and the DC

      thanks
      -JV

      Comment


      • #4
        Re: auditing invalid login attempts

        Originally posted by miatech View Post
        yes I edited the default policy... I thought that policy applies to everyone in the domain, even the DC... no, my intention is not to audit every single login in the network just important member servers and the DC

        thanks
        -JV
        So...

        Make the change to the default domain controller policy and it should work.
        Andrew

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Re: auditing invalid login attempts

          I finally got it working, but I had to modify the local security policy for the DC, b/c modifying the Default Group Policy didn't work

          thanks

          Comment


          • #6
            Re: auditing invalid login attempts

            Cool. At least it's working.
            Andrew

            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

            Comment

            Working...
            X