Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 937
  • Last Modified:

Netlogon Parsing...checking for locked out accounts

Netlogon Parsing...checking for locked out accounts,

In order to use the netlogon parsing tool (windows resource kit?)for user lockout issues,  debugging has to be set .  Is the easiest way to set this on the DC's by modifying the registry article # 109626? Is there another way to activate the netlogon parsing tool???
1 Solution
see here: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx#EFKAE

o enable Kerberos event logging on a computer:


Click Start, click Run, type regedit, and then press ENTER.


Add the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters registry value to the registry key:

Registry value: LogLevel

Value type: REG_DWORD

Value data: 0x1

If the Parameters registry key does not exist, create it.


Close Registry Editor and restart the computer.

Caution Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. Note: Performance may be degraded by the logging process. Therefore, you should disable the logging process after you capture the events that you want in the log file. To disable logging, remove the LogLevel registry value, and then restart the computer.

You can automate this process by using the script that is in the "Account Lockout Tools" section in this document. This script sets the Kerberos logging key in the registry on client computers that are running Windows 2000. If you want to enable logging for groups of computers, you can specify this script as a startup script in an Active Directory group policy.

That article has all kinds of good info on using the Account Lockout tools.
An easier way is to use a tool made for security account administration like GFI SELM. You simply check a button to alert you when an account is locked out or after X failed attempts.

That's it. No messing with the registry.

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now