View logon failures with computer identification

I am looking for something that will give me details for logon failures on my 2008 domain controllers.  I need to see what computers are being used for these failures.  When I look at the event viewer, it does not give me the details I need.  I would like the name of the computer, but the IP address would do.  Am I not setting up the event viewer correctly or is there a product (not too expensive) that I can get?  I am having a problem with account lock outs and I need to know who is doing this.
jtennysonAsked:
Who is Participating?
 
tilbardCommented:
Download the Account Lockout Tools from Microsoft.
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

The EventCombMT in particular is usefull. You can set it to search for events within a certain time period, and it has built-in queries for lockout events. It also will allow you to export to .CSV for easy searching.
0
 
kumarnirmalCommented:
Account Lockouts can occur when some computers in the Active Directory Domain perform a DDos Attack due to lack of security patches.

We received a lot of account lockouts during the month of Feb & March, but most of them were resolved when we deployed the patches

KB 958644 - http://support.microsoft.com/kb/958644
KB 958687.- http://support.microsoft.com/kb/958644

I sincerely would suggest  you to patch all your workstations asap and also update whether you are currently hosting a WSUS Server in your Network
0
 
jtennysonAuthor Commented:
My workstations are patched.  Certain accounts are being locked out.  I need to be able to find out what computer is being used to try and log in under these accounts.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.