Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 594
  • Last Modified:

How to trace where a login attempt occurs

I am looking to find out where you can find a log on what ip address or machine someone tries to login in from with a certain username in a domain.

i.e. A certain username gets locked out because someone on the domain tries to login with the username more than three times.

I am wanting to find out what ip address and what machine the login in attempts are coming from.

sorry for low points, please help.

Thanks.
0
micahy2k
Asked:
micahy2k
1 Solution
 
followingCommented:
If using Active Directory, enable auditing in the Default Domain Controllers GPO (Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policies).  For your purposes, I would turn on Failure auditing for at least "Audit account logon events" and "Audit logon events".  Then, in the Security log in the Event Viewer, you will be able to see events registered for failed logon attempts.  A computer name (or IP address) and username will be reported in the info.  I would recommend increasing the size of the security log so that you don't lose any events.

Hope this helps,
-jdm
0
 
timothyfryerCommented:
This place has some neat tools if you want to go check the guy out once you find him.  Just found this site so not sure if any of them log or not but they're still pretty neat.
http://www.ks-soft.net/ip-tools.eng/index.htm
0
 
micahy2kAuthor Commented:
Thanks for all the help!!!!!!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now