Account lockout Audit
Hi Team,
i wanted to audit user account lockout. i have two forest which are running with Server 2003 and Server 2008 R2. i enable Account management audit policy using GPO. so my problem is,
Dose Domain, log any Event if user account get locked?
If yes, please let me know the Event ID and how to configure it to Log a event on Domain
Thanks.
March 8th, 2012 5:43am
Hi,
In Windows Server 2003, the event ID for account lockout is 539:
539 Logon failure. The account was locked out at the time the logon attempt was made.
In Windows Server 2008 R2, it is 4740:
4740 A user account was locked out.
For more information, please refer to:
Maintaining and Monitoring Account Lockout
http://technet.microsoft.com/en-us/library/cc776964(v=ws.10).aspx
Description of security events in Windows 7 and in Windows Server 2008 R2
http://support.microsoft.com/kb/977519/en-us
Hope this helps.
Regards,
Bruce
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Free Windows Admin Tool Kit Click here and download it now
March 20th, 2012 2:21am
Hi,
Just checking in to see if the information was helpful. Please let us know if you would like further assistance.
Have a great day!
March 22nd, 2012 12:34am