JoshDale
asked on
Tracking Failed Logins
I need to track failed logins on a Terminal Server, any suggestions?
failed logons should be logged underneath the Event Viewer > Security provided you have enabled that logging feature.
Auditing and Intrusion Detection
http://www.microsoft.com/technet/security/prodtech/win2000/secwin2k/09detect.mspx
check the section on auditing.
http://www.microsoft.com/technet/security/prodtech/win2000/secwin2k/09detect.mspx
check the section on auditing.
ASKER
it should have, but in testing it, I don't see any of the failed logins. Also I created a group policy to lock the users account after 5 failed attempts, and it doesn't do that either. Am I missing something?
to further clairify, it would show as a "failed audit" under the Security panel of the Event Viewer....
ASKER
yea, it doesn't show any failed audits
ASKER
It did show when a password expired but not my failed login attempts.
highlight Security
Click Action > Properties > Filter and make sure "Failed Audits" is checked
Click Action > Properties > Filter and make sure "Failed Audits" is checked
ASKER
Yup, Failure Audit is checked.
are you sure you are looking at the correct machine? I tested this on several of my servers (all running TS) and had no issues with it...
also, try checking under the GPO Policy and making sure that under Windows Configuration that your Audit and Security Policies are correct
also, try checking under the GPO Policy and making sure that under Windows Configuration that your Audit and Security Policies are correct
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yea, they are all set to sucess and failure but I forgot one thing, Active Directory is overriding my local policies, so I am going to check there really fast.
that is most likely where the issue is at then... one minor detail there on the type of environment you have ;)
ASKER
Yea, I just took over the network from another company, and I don't know everything but I know they butchered this network. Now I have to go through and figure everything out.
Thanks for the help
Thanks for the help
glad to have helped.. feel free to come back if you have any other questions....
ASKER
Thanks.
ASKER
Hey, you got any suggestions for good books on securing active directory, or doing security through active directory?
Best recommendation would be to use www.microsoft.com as they would be the most knowledgable on the topic ;)
ASKER
you mean http://www.microsoft.com/security :D
same site ;)
with the first link, however, you can do a more expansive search that would include the Knowledge Base and other areas that might not be included with the "Security" section... Hope it helps though... otherwise, try taking a look at www.amazon.com and seeing which books come up for Active Directory
with the first link, however, you can do a more expansive search that would include the Knowledge Base and other areas that might not be included with the "Security" section... Hope it helps though... otherwise, try taking a look at www.amazon.com and seeing which books come up for Active Directory
ASKER
Yea, thanks for the help dude.
np... always a pleasure to be able to assist here...