|
|
|
Forum Member
 
Group: Forum Members
Last Login: 1/5/2012 10:10:25 AM
Posts: 26,
Visits: 11
|
|
Randy,
Currently we are using GFI for event log management and when I run a report on 'Failed Logins' pulling from event ID 529, under 'logon type' 99.9% of them show as 'Network'. If I run a report looking for 'interactive' there are none. Any idea why the majority of failed logins under event ID 529 show up as 'Network' with very little listed as 'interactive'?
Thanks
|
|
|
|
|
Expert
Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 324,
Visits: 0
|
|
| Could be a lot of things but first place I would look is for a workstation with a persistent drive mapping using an old password for some account. How many accounts are generating the 529s?
|
|
|
|
|
Forum Newbie
Group: Forum Members
Last Login: 5/11/2009 1:09:42 PM
Posts: 1,
Visits: 0
|
|
| I am seeing a lot of failed log attempts that are reporting a logon type of 0. All of the documentation I can find tells me types 0&1 aren't used. Any idea what might be causing this?
|
|
|
|
|
Forum Newbie
Group: Forum Members
Last Login: 11/1/2009 10:26:56 PM
Posts: 1,
Visits: 0
|
|
|
|
|
|
Expert
Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 324,
Visits: 0
|
|
| Could either your post some examples? Also specify OS and SP level and type of computer: workstation, domain controller, member server. What applications, etc.
|
|
|
|