Windows 7 Forums


Account Lockout: Defining an Audit Policy

How to Set an Audit Policy for an Account Lockout
Published by NoN
10 Mar 2011 - Views: 9926

Information
This tutorial helps you trace account lockout "Failure" and "Success" logon events in the Event Viewer in Windows 7 and Windows 8, after you set up the "Account Lockout Threshold for Invalid Logon Attempts".
Note
For this tip to work, you'll have to set it before the Account Lockout Threshold for Invalid Logon Attempts.

To trace "Success" and "Failure" logons, password change attempts and policy changes in the Event Viewer, the audit policy must be set first!

Defining the Account Lockout Audit Policy in Windows 7 and Windows 8:

1. First, open the "Start Menu", then type "Local Security Policy" in the search bar.
2. Go to "Local Policies", then underneath, click "Audit Policy".
3. On the right side, look for "Audit account logon events".

4. Right-click it and choose Properties, then check both the "Success" and "Failure" boxes.
5. Click the OK button and you're done!

Date Published: June 2009

This security policy setting allows you to audit security events generated by a failed attempt to log on to an account that is locked out.
If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful attempts and failure audits record unsuccessful attempts.

Account lockout events are essential for understanding user activity and detecting potential attacks.

Event volume: Low
Default setting: Success

If this policy setting is configured, the following event is generated. The event appears on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

Event ID: 4625
Event message: An account failed to logon.
"Microsoft recommends that you use the account lockout feature to help deter malicious users and some types of automated attacks from discovering user passwords.
Password and account lockout settings are designed to protect accounts and data in your organization by mitigating the threat of brute force guessing of account passwords. Settings in the Account Lockout and Password Policy nodes of the Default Domain policy settings enable account lockout and control how account lockout operates."

Now you can go into the "Event Viewer" and see how many attempts have been made to log on to your computer while you were away drinking that beer!
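As an added example (not part of the original tutorial), this PowerShell script does the same review from the command line: it shows the audit setting for the "Account Lockout" subcategory and summarizes event ID 4625 entries by account, source and failure reason. It assumes an elevated prompt, an English-language system (for the subcategory name) and a 24-hour look-back window.

```powershell
# Added example: run from an elevated PowerShell prompt
# (reading the Security log requires administrator rights).

# Show the effective audit setting for the "Account Lockout" subcategory.
# The subcategory name is the English one; it differs on localized systems.
auditpol /get /subcategory:"Account Lockout"

# NTSTATUS codes commonly found in the Status/SubStatus fields of event 4625.
$reasons = @{
    '0xc0000234' = 'Account locked out'
    '0xc000006a' = 'Wrong password'
    '0xc0000064' = 'Unknown user name'
    '0xc000006d' = 'Logon failure (bad user name or password)'
}

$since = (Get-Date).AddDays(-1)   # assumed look-back window: last 24 hours

# @( ) yields an empty array when no events match, so the loop below is skipped.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = $since
} -ErrorAction SilentlyContinue)

$failures = foreach ($e in $events) {
    # Flatten the <EventData><Data Name="..."> elements into a hashtable.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = [string]$d.'#text'
    }
    # SubStatus carries the detail; a lockout is reported in Status instead.
    $reason = $reasons[[string]$data['SubStatus']]
    if (-not $reason) { $reason = $reasons[[string]$data['Status']] }
    if (-not $reason) { $reason = "Status $($data['Status'])" }

    New-Object PSObject -Property @{
        Time    = $e.TimeCreated
        Account = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
        Source  = "$($data['WorkstationName']) $($data['IpAddress'])"
        Reason  = $reason
    }
}

# Failed logons per account, source and reason, most frequent first.
$failures |
    Group-Object Account, Source, Reason |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

A row with the reason "Account locked out" is the event described in the quoted policy text: a logon attempt against an account that is already locked.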

Thanks to Brink for having brought the support.

