Activate security auditing to log unsuccessful logon attempts

9 January 2001 by Snakefoot | Comment » | Trackback Off
It is possible to log unsuccessful logins to your machine, to detect if someone is trying to access your machine.

To do this:
  1. Start the Local Security Policies snapin
  2. In the tree-view go to "Local Policies" -> "Audit Policy"
  3. For minimum logging select to audit failure in "Account Logon Events", "Directory Service Access" and "Logon Events"
Note audits can also be useful when trying to figure out what keeps an application from working when started with user-privileges. The audits can show the failures that occurs when the application tries to access the needed folders and registry-entries. One can then change the Access Control List (ACL) for these resources, so access is granted when having user-privileges.

More info MS KB Q300549
More info MS KB Q310399
More info MS KB Q315416
More info MS KB Q324739
Tags:
Category:

Updated: 20 June 2008

Leave a comment


You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>