Netlogon Parsing...checking for locked out accounts

Posted on 2007-10-05
Last Modified: 2013-12-04
Netlogon Parsing...checking for locked out accounts,

In order to use the netlogon parsing tool (windows resource kit?)for user lockout issues,  debugging has to be set .  Is the easiest way to set this on the DC's by modifying the registry article # 109626? Is there another way to activate the netlogon parsing tool???
Question by:handymanaly
    LVL 23

    Accepted Solution

    see here:

    o enable Kerberos event logging on a computer:


    Click Start, click Run, type regedit, and then press ENTER.


    Add the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters registry value to the registry key:

    Registry value: LogLevel

    Value type: REG_DWORD

    Value data: 0x1

    If the Parameters registry key does not exist, create it.


    Close Registry Editor and restart the computer.

    Caution Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. Note: Performance may be degraded by the logging process. Therefore, you should disable the logging process after you capture the events that you want in the log file. To disable logging, remove the LogLevel registry value, and then restart the computer.

    You can automate this process by using the script that is in the "Account Lockout Tools" section in this document. This script sets the Kerberos logging key in the registry on client computers that are running Windows 2000. If you want to enable logging for groups of computers, you can specify this script as a startup script in an Active Directory group policy.

    That article has all kinds of good info on using the Account Lockout tools.
    LVL 12

    Expert Comment

    An easier way is to use a tool made for security account administration like GFI SELM. You simply check a button to alert you when an account is locked out or after X failed attempts.

    That's it. No messing with the registry.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
    Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now