NT security event logger not showing failed attempts
This is a discussion about NT security event logger not showing failed attempts in the Windows Networking category; Our PDC is not logging all failed logon attempts any longer. It used to log any attempt by anyone to logon to the network if it failed due to bad user name or bad password. Now it only logs failed attempts if you try to logon to the network at the PDC, but not for clients who try to logon.
Our PDC is not logging all failed logon attempts any longer. It used to log any attempt by anyone to logon to the network if it failed due to bad user name or bad password. Now it only logs failed attempts if you try to logon to the network at the PDC, but not for clients who try to logon. I can't see anywhere that this setting can be changed--it used to be all users at all PCs showed up in this log. It still logs successful logons from all users, but not unsuccessful logons, and it logs it if the user account gets locked out due to too many bad attempts. Is it possible that the system has been hacked to turn this off, if so, how to fix it?
Thanks
Thanks
Participate in our website and join the conversation
This subject has been archived. New comments and votes cannot be submitted.
Feb 2
Feb 3
0
1 minute
Responses to this topic
Goto user manager and under policies make sure the appropriate logging is set "on unsuccessful"
You say that successful loggin gets logged so this means your logging is enabled, so redoing this setting should workx0r.
You say that successful loggin gets logged so this means your logging is enabled, so redoing this setting should workx0r.
OP
That has been the audit policy all along in user manager. It's checked, but still no record in the security event log.
