If you are looking for a way to identify failed domain authentication
attempts (i.e. domain users failing to provide correct passwords during
their logons), then you should enable audit of failures in the Audit account
logon events category (Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy) of the Default Domain Controllers
GPO...
These events will be recorded on the DC that authenticate logon request (so
you would need to monitor both)...
hth
Marcin
"aconti" <> wrote in message
news:...
>
> Hello I want to see all the failed logons by users in the domain, I have
> 2 DCs, do I have to enable an audit policy on a DC or automatically I
> can just check the security log and all failed logons will be displayed
> there ?
>
> THank you
>
>
> --
> aconti
> ------------------------------------------------------------------------
> aconti's Profile: http://forums.techarena.in/members/73272.htm
> View this thread: http://forums.techarena.in/active-directory/1268498.htm
>
> http://forums.techarena.in
>
Similar Threads
Linear Mode
