[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 829
  • Last Modified:

Why security log doesn't log Unsuccessful Logon attempts

Hi

Why security log doesn't log Unsuccessful Logon attempts? I have W2k3 I cleared the log to flush some settings and just tried to logon with wrong password and nothing was written to the log

Thank you

-Peter
0
piotrmikula108
Asked:
piotrmikula108
1 Solution
 
michaelhooperCommented:
in the properties of your security log do you have failures selected?
0
 
michaelhooperCommented:
more specifically failure audit?
0
 
piotrmikula108Author Commented:
yes, I have all options selected, I just restored to default settings just in case, but I get the same behavior when I logon to other servers, they don't record unsuccessful login attempts. Hmmm, am I not understanding something here?
0
 
KenneniahCommented:
So you are sure you've gone into your security policy (not security log) to "Audit logon events" in Security Settings|Local Policies|Audit Policies and set to audit logon failures?
0
 
AdamJurCommented:
If you want to record failures for logon events on other pcs as well you will have to edit each local group policy, unless you are working within a domain. Edit the current GPO policy on the OU that contains the servers and change the audit setting similar to Kenneniah's suggestion.

If locally: start-run  gpedit.msc  Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy

If via GPO: Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy

You will have the option to audit many different items.

In the Event Viewer you're just filtering.. however without auditing enabed your results will always be blank!

0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now