Is there a way to track down what's computer had failed logon attempts in NT 4.0? - Windows NT

This is a discussion on Is there a way to track down what's computer had failed logon attempts in NT 4.0? - Windows NT ; Hi all, Recently we have a lot of account locked out in Windows NT 4.0, we think that the user are play around with someone else account. Is there a way that we can track what's computer had bad logon ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Is there a way to track down what's computer had failed logon attempts in NT 4.0?

  1. Is there a way to track down what's computer had failed logon attempts in NT 4.0?

    Hi all,

    Recently we have a lot of account locked out in Windows NT 4.0, we
    think that the user are play around with someone else account.

    Is there a way that we can track what's computer had bad logon
    attempts? And what time the bad logon attempts occur?

    In our account policy, we set 10 for Account Lockout Threshold and 5
    minutes for Reset Account after

    Any help will be really appreciated,
    Thanks alot,
    Kim,

  2. Re: Is there a way to track down what's computer had failed logon attempts in NT 4.0?

    kct@emia.com.au (kim) wrote in
    news:5c2c58b.0402022230.2d5b69ac@posting.google.co m:

    > Hi all,
    >
    > Recently we have a lot of account locked out in Windows NT 4.0, we
    > think that the user are play around with someone else account.
    >
    > Is there a way that we can track what's computer had bad logon
    > attempts? And what time the bad logon attempts occur?
    >
    > In our account policy, we set 10 for Account Lockout Threshold and 5
    > minutes for Reset Account after
    >
    > Any help will be really appreciated,
    > Thanks alot,
    > Kim,
    >


    Hi,

    If the user was on your network, the computer name will be in the
    security event log if logging is set-up correctly. This shold be
    configured to log all failed and successful attempts.

    If they are outside of your lan, I would strongly suggest you
    firewall this system to prevent log-in attempts from the internet.
    If need be, you could still allow the attempts from a restricted
    number of IPs and log the source IP address of the failed attempts
    with the firewall.

    Regards,

    Systemguy

+ Reply to Thread