The user audit info is saved in the security log of the PDC only.
xylog
----- Original Message -----
From: "Winsor, Marc [IBM]" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Wednesday, August 22, 2001 9:00 AM
Subject: ID Monitoring??
> I have a user who is constantly getting locked out of his account. He
> claims that he isn't typing in a bad password 3 times (the lockout number)
> but that it just suddenly happens. What is the best way to monitor his ID
> to determine what and when the bad password attempts are happening? In
> checking through the event logs on the BDC's I don't see anything, or else
> I'm not recognizing it for what it is.
>
> I am in an NT4 domain. We have multiple BDC's. The user is having this
> problem when they log on locally to the network and also when RASing in.
> They have 2 machines, a W2K and a Win98 machine that they use.
>
> Any help is appreciated.
>
> Marc
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
