Link to home
Start Free TrialLog in
Avatar of CTGSE
CTGSE

asked on

I have excessive log on attempts with a particular user and I was wanted to put a tracker or a log on that user to see where specifically it is coming from.

Is there a tool I can use that will track excessive log on attempts that work with server 2012 r2. I tried teh .dll tracker. Basically what im trying to do is see a written log of these attempts. So that I can narrow down where they are coming from. For example, if I need to delete credentials from the manager or it is something deeper. Just curious if anybody has any tools to track that.
Avatar of Brian B
Brian B
Flag of Canada image
The windows event log for security should show you failed log on attempts. You can filter the log if that helps.

Keep in mind if it's a user account they may not be doing it on purpose. They may have installed a program or something that is attached to their account and trying to access where they don't have permission.
Avatar of CTGSE
CTGSE

ASKER

Well, the user is actually our account on our domain. Im just curious If there is an application that will be more detailed than the event log. Because the code is not very detailed and I wanted to see where it was coming from. That way I don't have to wipe the whole credentials manager.
Avatar of Robert
Robert
Flag of United States of America image
The Microsoft AD Lockout tool provides access to all information tracked on the windows side. (worth looking into if your trying to track down failed logon attempts (as the account should be locking after a few attempts)
https://www.microsoft.com/en-us/download/details.aspx?id=18465

Usually I just look for the account lockout event id 4740 on the server the lockout occurs on then it will tell you the machine or IP the lockout came from.
Avatar of Michael B. Smith
Michael B. Smith
Flag of United States of America image
NetWrix provides a variety of free tools that can help you deal with this quite easily. As @Robert and @BrianB write, this information is in the Security log. But putting all the pieces together can be a bit challenging.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.