Solved

Tracking Failed Logins

Posted on 2004-09-14
21
236 Views
Last Modified: 2010-04-14
I need to track failed logins on a Terminal Server, any suggestions?
0
Comment
Question by:JoshDale
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 10
21 Comments
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12055920
failed logons should be logged underneath the Event Viewer > Security provided you have enabled that logging feature.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12055937
Auditing and Intrusion Detection
http://www.microsoft.com/technet/security/prodtech/win2000/secwin2k/09detect.mspx

check the section on auditing.
0
 

Author Comment

by:JoshDale
ID: 12055941
it should have, but in testing it, I don't see any of the failed logins. Also I created a group policy to lock the users account after 5 failed attempts, and it doesn't do that either. Am I missing something?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 8

Expert Comment

by:RevelationCS
ID: 12055946
to further clairify, it would show as a "failed audit" under the Security panel of the Event Viewer....
0
 

Author Comment

by:JoshDale
ID: 12056021
yea, it doesn't show any failed audits
0
 

Author Comment

by:JoshDale
ID: 12056029
It did show when a password expired but not my failed login attempts.
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12056644
highlight Security
Click Action > Properties > Filter and make sure "Failed Audits" is checked
0
 

Author Comment

by:JoshDale
ID: 12056861
Yup, Failure Audit is checked.
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057014
are you sure you are looking at the correct machine? I tested this on several of my servers (all running TS) and had no issues with it...

also, try checking under the GPO Policy and making sure that under Windows Configuration that your Audit and Security Policies are correct
0
 
LVL 8

Accepted Solution

by:
RevelationCS earned 500 total points
ID: 12057044
most importantly:

Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policies

Edit Audit Logon Events and Audit Account Logon Events to audit successes and failures (double click on both policies to edit)
0
 

Author Comment

by:JoshDale
ID: 12057120
Yea, they are all set to sucess and failure but I forgot one thing, Active Directory is overriding my local policies, so I am going to check there really fast.
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057142
that is most likely where the issue is at then... one minor detail there on the type of environment you have ;)
0
 

Author Comment

by:JoshDale
ID: 12057255
Yea, I just took over the network from another company, and I don't know everything but I know they butchered this network. Now I have to go through and figure everything out.

Thanks for the help
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057441
glad to have helped.. feel free to come back if you have any other questions....
0
 

Author Comment

by:JoshDale
ID: 12057469
Thanks.
0
 

Author Comment

by:JoshDale
ID: 12057479
Hey, you got any suggestions for good books on securing active directory, or doing security through active directory?
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057542
Best recommendation would be to use www.microsoft.com as they would be the most knowledgable on the topic ;)
0
 

Author Comment

by:JoshDale
ID: 12057664
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057738
same site ;)

with the first link, however, you can do a more expansive search that would include the Knowledge Base and other areas that might not be included with the "Security" section... Hope it helps though... otherwise, try taking a look at www.amazon.com and seeing which books come up for Active Directory
0
 

Author Comment

by:JoshDale
ID: 12057799
Yea, thanks for the help dude.
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057847
np... always a pleasure to be able to assist here...
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
We have put together a white paper that aims to explain how MSPs can both improve their offering and ease the pain of after-hours service by: -Suggesting changes to workflow -Indicating how to rework policy to suit your team -Providing ConnectW…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question