Security Basics mailing list archives
Logging local logon failures?
From: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Date: Wed, 25 Feb 2009 15:15:51 -0600
Good afternoon,

In a Windows/Active Directory environment how does one weigh the following?

Do you log local logon failures to the event log on domain member PCs?
Do you avoid logging local logon failures and only care about logon failures on domain controllers?

My concern is that a domain user will begin typing their password in the username field of a logon box, hitting enter and thereby logging the password in the event viewer, followed by a successful logon by a username after fixing their mistake. So going through domain PC event logs will yield a good number of complete and valid credentials.

Not logging logon failures on PCs will allow us to avoid this. Are there downsides to this? Besides the "I like logs" argument.

Are there other, better options I am not aware of?

Thank you
Nick
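One middle ground between logging everything and logging nothing, shown as an added example that is not part of the original post: keep failure logging on, but mask the user field of failed-logon records whose name is not a known account before they are forwarded to a central collector. The record layout (`time`, `host`, `event_id`, `user`), the account list and the key are assumptions made for illustration, and the sample records are constructed.

```python
import hashlib
import hmac

# Logon-failure event IDs: 529 (Windows XP/2003), 4625 (Vista and later).
FAILED_LOGON_IDS = {529, 4625}


def account_name(raw):
    """Reduce DOMAIN\\user or user@domain to the bare account name, lower-cased."""
    return raw.rsplit("\\", 1)[-1].split("@", 1)[0].lower()


def scrub_event(event, known_accounts, key):
    """Return a copy of `event` that is safe to forward off the workstation.

    A failed logon whose user field is not a known account may hold a mistyped
    password, so the field is replaced by a short keyed tag. The tag is stable
    for a given string, which keeps repeated failures countable, but it is only
    as private as `key`: store the key away from the logs.
    """
    out = dict(event)
    is_failure = event["event_id"] in FAILED_LOGON_IDS
    if is_failure and account_name(event["user"]) not in known_accounts:
        digest = hmac.new(key, event["user"].encode("utf-8"), hashlib.sha256)
        out["user"] = "<unrecognised:" + digest.hexdigest()[:12] + ">"
    return out


def scrub_all(events, known_accounts, key):
    """Scrub a batch of records, preserving order, time and host fields."""
    return [scrub_event(e, known_accounts, key) for e in events]


# Constructed sample data (hypothetical record layout, not a Windows export format).
KNOWN = {"jsmith", "administrator"}
KEY = b"constructed-demo-key"
SAMPLE = [
    # Password typed into the username box, then the corrected logon.
    {"time": "2009-02-25T08:01:10", "host": "PC-017", "event_id": 4625, "user": "NotARealPassw0rd!"},
    {"time": "2009-02-25T08:01:24", "host": "PC-017", "event_id": 4624, "user": "EXAMPLE\\jsmith"},
    # Ordinary failure for a real account: left intact so it can still be investigated.
    {"time": "2009-02-25T09:30:02", "host": "PC-017", "event_id": 4625, "user": "jsmith"},
]

if __name__ == "__main__":
    for record in scrub_all(SAMPLE, KNOWN, KEY):
        print(record)
```

This only protects the forwarded copy; the original string remains in the workstation's own Security log, so read access to that log still has to be restricted.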