I want to document the use of wrong password during the try-to-logon-process initiated on a Member Server (or Client Computer) when the user uses its domain account. I thought, that 529 will be logged on security event log on DC but it isn't so. Could you please tell me how I will be able to document the occurence of wrong password while a users is trying to log on at a member server or workstation with his domain account?
Thanks in advance.
Confusing, I know. For more information, I suggest my recorded webinar Understanding Authentication Events in the Windows 2003 and 2008 Security Logs and of course my Resource Kits.