Is there a way to track down what's computer had failed logon attempts in NT 4.0? - Windows NT
This is a discussion on Is there a way to track down what's computer had failed logon attempts in NT 4.0? - Windows NT ; Hi all,
Recently we have a lot of account locked out in Windows NT 4.0, we
think that the user are play around with someone else account.
Is there a way that we can track what's computer had bad logon
...
-
Is there a way to track down what's computer had failed logon attempts in NT 4.0?
Hi all,
Recently we have a lot of account locked out in Windows NT 4.0, we
think that the user are play around with someone else account.
Is there a way that we can track what's computer had bad logon
attempts? And what time the bad logon attempts occur?
In our account policy, we set 10 for Account Lockout Threshold and 5
minutes for Reset Account after
Any help will be really appreciated,
Thanks alot,
Kim,
-
Re: Is there a way to track down what's computer had failed logon attempts in NT 4.0?
kct@emia.com.au (kim) wrote in
news:5c2c58b.0402022230.2d5b69ac@posting.google.co m:
> Hi all,
>
> Recently we have a lot of account locked out in Windows NT 4.0, we
> think that the user are play around with someone else account.
>
> Is there a way that we can track what's computer had bad logon
> attempts? And what time the bad logon attempts occur?
>
> In our account policy, we set 10 for Account Lockout Threshold and 5
> minutes for Reset Account after
>
> Any help will be really appreciated,
> Thanks alot,
> Kim,
>
Hi,
If the user was on your network, the computer name will be in the
security event log if logging is set-up correctly. This shold be
configured to log all failed and successful attempts.
If they are outside of your lan, I would strongly suggest you
firewall this system to prevent log-in attempts from the internet.
If need be, you could still allow the attempts from a restricted
number of IPs and log the source IP address of the failed attempts
with the firewall.
Regards,
Systemguy
