?
Solved

Tracking Failed Logins

Posted on 2004-09-14
21
Medium Priority
?
238 Views
Last Modified: 2010-04-14
I need to track failed logins on a Terminal Server, any suggestions?
0
Comment
Question by:JoshDale
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 10
21 Comments
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12055920
failed logons should be logged underneath the Event Viewer > Security provided you have enabled that logging feature.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12055937
Auditing and Intrusion Detection
http://www.microsoft.com/technet/security/prodtech/win2000/secwin2k/09detect.mspx

check the section on auditing.
0
 

Author Comment

by:JoshDale
ID: 12055941
it should have, but in testing it, I don't see any of the failed logins. Also I created a group policy to lock the users account after 5 failed attempts, and it doesn't do that either. Am I missing something?
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 8

Expert Comment

by:RevelationCS
ID: 12055946
to further clairify, it would show as a "failed audit" under the Security panel of the Event Viewer....
0
 

Author Comment

by:JoshDale
ID: 12056021
yea, it doesn't show any failed audits
0
 

Author Comment

by:JoshDale
ID: 12056029
It did show when a password expired but not my failed login attempts.
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12056644
highlight Security
Click Action > Properties > Filter and make sure "Failed Audits" is checked
0
 

Author Comment

by:JoshDale
ID: 12056861
Yup, Failure Audit is checked.
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057014
are you sure you are looking at the correct machine? I tested this on several of my servers (all running TS) and had no issues with it...

also, try checking under the GPO Policy and making sure that under Windows Configuration that your Audit and Security Policies are correct
0
 
LVL 8

Accepted Solution

by:
RevelationCS earned 2000 total points
ID: 12057044
most importantly:

Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policies

Edit Audit Logon Events and Audit Account Logon Events to audit successes and failures (double click on both policies to edit)
0
 

Author Comment

by:JoshDale
ID: 12057120
Yea, they are all set to sucess and failure but I forgot one thing, Active Directory is overriding my local policies, so I am going to check there really fast.
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057142
that is most likely where the issue is at then... one minor detail there on the type of environment you have ;)
0
 

Author Comment

by:JoshDale
ID: 12057255
Yea, I just took over the network from another company, and I don't know everything but I know they butchered this network. Now I have to go through and figure everything out.

Thanks for the help
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057441
glad to have helped.. feel free to come back if you have any other questions....
0
 

Author Comment

by:JoshDale
ID: 12057469
Thanks.
0
 

Author Comment

by:JoshDale
ID: 12057479
Hey, you got any suggestions for good books on securing active directory, or doing security through active directory?
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057542
Best recommendation would be to use www.microsoft.com as they would be the most knowledgable on the topic ;)
0
 

Author Comment

by:JoshDale
ID: 12057664
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057738
same site ;)

with the first link, however, you can do a more expansive search that would include the Knowledge Base and other areas that might not be included with the "Security" section... Hope it helps though... otherwise, try taking a look at www.amazon.com and seeing which books come up for Active Directory
0
 

Author Comment

by:JoshDale
ID: 12057799
Yea, thanks for the help dude.
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12057847
np... always a pleasure to be able to assist here...
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
We are witnesses that everyone is saying that our children shouldn't "play" with a technology because it is dangerous. This article is going to prove that they are wrong.
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses
Course of the Month13 days, 10 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question