Win2k systems auditing - failed logon attempts

[THELAIR]

i got my auditing setup to detect failed logon attempts, and i can see them, but... what i really wanna know is what passwords they were trying...

all it says was "incorrect username/password entered" or somthing along those lines... i wanna know what password htey were trying...

cant the security audit logs show this??
that would provide alot of helpfull info

anyone know?

 

[slipperyslope]

I don't know about logging the password attempts but I do know that if you have boot by floppy turned on in the BIOS anyone can pretty much reset your Admin Win2k Pro or Server password.


Jim

 

[loosbrew]

how so? ive come across people who lost thier admin pass...

tia
loosbrew

 

[THELAIR]

yah slippery slope, are you referencing the ability to go into the recovery console and using commands in privilaged mode there? I set mine up to ask for an admin password before that can happen, plus my bios is password protected
heh

 

[THELAIR]

^

 

[Mark R]

Win2k does not store the passwords attempted because they pose a security risk. There is no documented option to enable saving the attempts. I don't know of any 3rd party software to offer this functionallity.