Follow the link to audit account lock but it doesn't work.
I have already enabled audit policy under domain password policy and Default domain controller policy to audit " account login" failure event.
We have two domain controllers, Window 2003 and Window 2008. I tried to stimulate a user login failure and find that event 4740 is not logged. Only event 675 is logged in Window 2003. This event corresponded to a stimulated login failure on a workstation.
Any idea ??
4740 will trigger on a lockout not a bad password attempt.