Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Tracking Failed Logins

Posted on 2004-09-14
21
Medium Priority
?
241 Views
Last Modified: 2010-04-14
I need to track failed logins on a Terminal Server, any suggestions?
0
Comment
Question by:JoshDale
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 10
21 Comments
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12055920
failed logons should be logged underneath the Event Viewer > Security provided you have enabled that logging feature.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12055937
Auditing and Intrusion Detection
http://www.microsoft.com/technet/security/prodtech/win2000/secwin2k/09detect.mspx

check the section on auditing.
0
 

Author Comment

by:JoshDale
ID: 12055941
it should have, but in testing it, I don't see any of the failed logins. Also I created a group policy to lock the users account after 5 failed attempts, and it doesn't do that either. Am I missing something?
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 8

Expert Comment

by:RevelationCS
ID: 12055946
to further clairify, it would show as a "failed audit" under the Security panel of the Event Viewer....
0
 

Author Comment

by:JoshDale
ID: 12056021
yea, it doesn't show any failed audits
0
 

Author Comment

by:JoshDale
ID: 12056029
It did show when a password expired but not my failed login attempts.
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12056644
highlight Security
Click Action > Properties > Filter and make sure "Failed Audits" is checked
0
 

Author Comment

by:JoshDale
ID: 12056861
Yup, Failure Audit is checked.
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057014
are you sure you are looking at the correct machine? I tested this on several of my servers (all running TS) and had no issues with it...

also, try checking under the GPO Policy and making sure that under Windows Configuration that your Audit and Security Policies are correct
0
 
LVL 8

Accepted Solution

by:
RevelationCS earned 2000 total points
ID: 12057044
most importantly:

Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policies

Edit Audit Logon Events and Audit Account Logon Events to audit successes and failures (double click on both policies to edit)
0
 

Author Comment

by:JoshDale
ID: 12057120
Yea, they are all set to sucess and failure but I forgot one thing, Active Directory is overriding my local policies, so I am going to check there really fast.
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057142
that is most likely where the issue is at then... one minor detail there on the type of environment you have ;)
0
 

Author Comment

by:JoshDale
ID: 12057255
Yea, I just took over the network from another company, and I don't know everything but I know they butchered this network. Now I have to go through and figure everything out.

Thanks for the help
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057441
glad to have helped.. feel free to come back if you have any other questions....
0
 

Author Comment

by:JoshDale
ID: 12057469
Thanks.
0
 

Author Comment

by:JoshDale
ID: 12057479
Hey, you got any suggestions for good books on securing active directory, or doing security through active directory?
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057542
Best recommendation would be to use www.microsoft.com as they would be the most knowledgable on the topic ;)
0
 

Author Comment

by:JoshDale
ID: 12057664
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057738
same site ;)

with the first link, however, you can do a more expansive search that would include the Knowledge Base and other areas that might not be included with the "Security" section... Hope it helps though... otherwise, try taking a look at www.amazon.com and seeing which books come up for Active Directory
0
 

Author Comment

by:JoshDale
ID: 12057799
Yea, thanks for the help dude.
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057847
np... always a pleasure to be able to assist here...
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Explore the ways to Unlock VBA Project Password Excel 2010 & 2013 documents. Go through the article and perform the steps carefully to remove VBA Excel .xls file.
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question