Smallvoid.com

Activate security auditing to log unsuccessful logon attempts

January 9, 2001 by Snakefoot

Windows can log unsuccessful logon attempts, which makes it possible to detect when someone is trying to gain access to your machine.

To do this:
  1. Start the Local Security Policies snap-in
  2. In the tree view, go to "Local Policies" -> "Audit Policy"
  3. For minimum logging, select to audit failures for "Account Logon Events", "Directory Service Access" and "Logon Events"

Note: Audits can also be useful when trying to figure out what keeps an application from working when it is started with user privileges. The audits can show the failures that occur when the application tries to access the folders and registry entries it needs. One can then change the Access Control List (ACL) for these resources, so that access is granted when running with user privileges.
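The same settings applied from the command line, followed by a summary of the failed logons the policy produces. This is an added example, not part of the original article. It assumes Windows Vista / Server 2008 or later (where `auditpol` manages these categories and a failed logon is recorded as Security event 4625), an elevated prompt, and an English-language system, because `auditpol` localizes category names.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumption: English category names; they correspond to "Account Logon Events",
# "Directory Service Access" and "Logon Events" in the Audit Policy snap-in.
$categories = 'Account Logon', 'DS Access', 'Logon/Logoff'

foreach ($category in $categories) {
    # Enable failure auditing only; the existing success setting is left untouched.
    auditpol /set "/category:$category" /failure:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed for category '$category'" }

    # Print the resulting policy so the change can be verified.
    auditpol /get "/category:$category"
}

# Summarize failed logons (event 4625) from the last 24 hours by
# target account, source address and logon type.
$since = (Get-Date).AddHours(-24)

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Event data fields are named in the XML form of the record.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Account   = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
            Source    = $data.IpAddress      # '-' for local or console attempts
            LogonType = $data.LogonType      # e.g. 2 = interactive, 3 = network, 10 = RDP
        }
    } |
    Group-Object Account, Source, LogonType |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Many failures for one account from a single source, or failures spread across many accounts from one source, are the patterns worth investigating first.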

More info MS KB300549
More info MS KB310399
More info MS KB315416
More info MS KB324739