Solved

Event ID 644 not showing up on event Security Log.

Posted on 2007-03-26
4
943 Views
Last Modified: 2013-12-04
I have a Windows Server 2003 SP1 Domain Controller. We have one legacy NT4 BDC, no other Domain Controllers.

Whenever an account is locked, for instance by the user trying more than 5 passwords, the account lockout does not show up in the event Security Log.

To test this I tried it in my test environment, with just one 2003 DC and one XP SP2 client and the same thing happens I get no 644s. I do get 539s when I attempt to logon the client after the account is locked.

In the Default Domain Security setting Audit Policy I have everything set to audit, success and failure.

I don’t wish to make any changes to production until I can get this working in Test.

Does anybody have any suggestions or solutions?
0
Comment
Question by:BMCKRob
  • 2
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Toni Uranjek
Comment Utility
Do you get any 642s instead of 644?

Event ID:642
Description:
User Account Changed:
Account Locked.

0
 

Author Comment

by:BMCKRob
Comment Utility
No, we are not getting any 642's either.
0
 
LVL 31

Accepted Solution

by:
Toni Uranjek earned 500 total points
Comment Utility
How is your Audit policy set? Default Domain Controller Security Settings should have the following Audit policy set "Audit account managment" to Success, for event ID 644 to appear.
Did you check BDC logs also?
0
 

Author Comment

by:BMCKRob
Comment Utility
That is IT!!!!  We have been working on this for weeks, none of the documentation I have read says that needs to be set. Thanks you have earned the points.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now