Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, June 3, 2016 6:22 PM
using netwrix lockout examiner, got message that couple of accounts were locked out, so I login to my domain controllers (20008R2) to find the workstation and IP.
when I go to my domain controllers, I do not see ANY bad logon attempts, or anything on accounts locking in the security log.
I wanted to be sure that logging was set in GPO, so I went to default domain policy, and domain controller policy, and both are configured with Audit account login events, audit logon events.
I even had someone put their password in wrong enough times to lock themselves out, and nothing in event viewer logs.
no filters are set on the logs.
suggestions?
All replies (1)
Monday, June 6, 2016 1:35 PM âś…Answered
Hi,
Thanks for your post.
For audit account lockout, you need enable the setting audit account lockout in GPO under the advanced audit policy configuration.
The path of the setting: Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff.
Best Regards,
Jay
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected].