Hi,
I'm having trouble logging failed logon attempts in our domain.
Basically I want to see each failed logon attempt as "failure audit" in the security event log on our domain controller. Right now I only see the default "success audit" entries for successfull logons.
So far, I've edited the "default domain policy" : I've set the option "audit logon events" in the security settings to both "successfull" as well as "failed". After that I ran "gpupdate /force" on the domain controller, logged off, logged on. I then deliberately tried a logon on a client with a bad password, but I'm still not seeing this being logged in security event on the DC.
Any help much appreciated.
Regards, Vincent