Admin Tip #126: Track Account Lockouts Using the Checked Netlogon.dll



A large number of failed logins due to bad passwords is a red flag for intrusion detection. If you need more detailed data to track bad password attempts against Windows NT domains, install the checked build of Netlogon.dll on the PDC. This creates %systemroot%\debug\Netlogon.log, which captures more information on the bad password attempts. You will need to obtain the checked version of Netlogon.dll from Microsoft support, or it's on the Microsoft DDK. To start generating the log:



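Once Netlogon.log is being written, the bad password attempts can be tallied per account. The following is an added example, not part of the original tip: it assumes the commonly seen `[LOGON] SamLogon: ... Returns 0x...` line layout, the sample lines are constructed, and the names `parse` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# NTSTATUS codes relevant to bad-password tracking.
STATUS = {
    0xC000006A: "WRONG_PASSWORD",
    0xC0000234: "ACCOUNT_LOCKED_OUT",
    0xC0000064: "NO_SUCH_USER",
}

# Assumed layout: "MM/DD HH:MM:SS [LOGON] SamLogon: <type> logon of
# DOMAIN\user from MACHINE Returns 0x<status>". "Entered" lines are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\] .*?SamLogon: "
    r"(?:Transitive )?\w+ logon of (?P<account>\S+) "
    r"from (?P<source>\S*).*? Returns (?P<status>0x[0-9A-Fa-f]+)\s*$"
)

def parse(lines):
    """Yield (timestamp, account, source, status_name) for tracked failures."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and int(m["status"], 16) in STATUS:
            yield (m["ts"], m["account"].lower(), m["source"],
                   STATUS[int(m["status"], 16)])

def summarize(lines, threshold=3):
    """Report accounts with >= threshold bad passwords or a lockout."""
    bad, sources, locked = Counter(), {}, set()
    for _ts, account, source, status in parse(lines):
        if status == "WRONG_PASSWORD":
            bad[account] += 1
            sources.setdefault(account, set()).add(source)
        elif status == "ACCOUNT_LOCKED_OUT":
            locked.add(account)
    return {a: {"bad_passwords": bad[a], "sources": sorted(sources.get(a, ())),
                "locked_out": a in locked}
            for a in set(bad) | locked if bad[a] >= threshold or a in locked}

# Constructed sample lines, not taken from a real log.
SAMPLE = r"""
03/14 09:12:01 [LOGON] SamLogon: Network logon of CORP\jsmith from WKSTN07 Entered
03/14 09:12:01 [LOGON] SamLogon: Network logon of CORP\jsmith from WKSTN07 Returns 0xC000006A
03/14 09:12:03 [LOGON] SamLogon: Network logon of CORP\jsmith from WKSTN07 Returns 0xC000006A
03/14 09:12:05 [LOGON] SamLogon: Network logon of CORP\JSmith from MAIL01 Returns 0xC000006A
03/14 09:12:06 [LOGON] SamLogon: Network logon of CORP\jsmith from WKSTN07 Returns 0xC0000234
03/14 09:13:10 [LOGON] SamLogon: Interactive logon of CORP\akhan from WKSTN02 Returns 0xC000006A
03/14 09:13:40 [LOGON] SamLogon: Interactive logon of CORP\akhan from WKSTN02 Returns 0x0
""".strip().splitlines()

if __name__ == "__main__":
    for account, info in summarize(SAMPLE).items():
        print(account, info)
```

The source machine names show where the failing attempts originate, which is usually the first thing needed when chasing a repeated lockout.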