How to enable auditing for logon failure?
- Logon to your domain controller with administrative privileges and launch the Group Policy Management console.
- Right-click the appropriate Group Policy Object linked to the Domain Controllers container and select Edit.
- Expand the Computer Configuration → Windows Setting → Security Settings → Local Policies → Audit Policy node.
- Configure audit policies as follows:
- Account Management: Success
- Audit account logon events: Failure
- Audit logon events: Failure
It will take a few minutes for the changes to take effect, and other domain controllers will receive the change at the next regular replication interval.
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools