NT security event logger not showing failed attempts

Windows Networking 2246 This topic was started by mabuhay, 2004-02-02 21:57

Discussion 2

21 Posts
Location -
Joined 2002-01-17

2004-02-02 22:57

Our PDC is not logging all failed logon attempts any longer. It used to log any attempt by anyone to logon to the network if it failed due to bad user name or bad password. Now it only logs failed attempts if you try to logon to the network at the PDC, but not for clients who try to logon. I can't see anywhere that this setting can be changed--it used to be all users at all PCs showed up in this log. It still logs successful logons from all users, but not unsuccessful logons, and it logs it if the user account gets locked out due to too many bad attempts. Is it possible that the system has been hacked to turn this off, if so, how to fix it?

Thanks

W2K registry backup - how-to and onto what media

cd drive "not ready" + burner install question

Participate on our website and join the conversation

You have already an account on our website? Use the link below to login.

Create a new user account. Registration is free and takes only a few seconds.

This topic is archived. New comments cannot be posted and votes cannot be cast.

Responses to this topic

duhmez

581 Posts
Location -
Joined 2002-04-27

#122131

2004-02-03 01:14

Goto user manager and under policies make sure the appropriate logging is set "on unsuccessful"
You say that successful loggin gets logged so this means your logging is enabled, so redoing this setting should workx0r.

mabuhay

21 Posts
Location -
Joined 2002-01-17

#122132

2004-02-03 01:28

That has been the audit policy all along in user manager. It's checked, but still no record in the security event log.