{"id":251,"date":"2012-05-03T03:03:25","date_gmt":"2012-05-03T03:03:25","guid":{"rendered":"http:\/\/www.top-password.com\/blog\/?p=251"},"modified":"2012-05-03T03:05:47","modified_gmt":"2012-05-03T03:05:47","slug":"turn-on-auditing-to-monitor-account-attacks","status":"publish","type":"post","link":"https:\/\/www.top-password.com\/blog\/turn-on-auditing-to-monitor-account-attacks\/","title":{"rendered":"Turn on Auditing to Monitor Account Attacks"},"content":{"rendered":"<p>There is no doubt that all of the new security features\u00a0in the modern versions of Windows will help keep your computer more secure. However, these features become less valuable when they are not turned on by default. One feature, known as user account auditing, is not turned on by default.\u00a0With this feature turned off, anyone with physical access, or remote access through a hole in your firewall (such as an opening for Remote Desktop), can use a brute force attack against your user account for as long as they\u00a0want without getting noticed at all. How? The default audit security policy is configured to not log any account logon events, successful or failed.<\/p>\n<p>This allows an attacker to try to hack your accounts for as long as it takes to break in. There are a few ways to protect against this by setting up an Account Lockout policy. But first, it is important to turn on this account auditing so that you can see who may be trying to break into your accounts. 
After you have adjusted the auditing security policy, you will be able to see any account attacks, including the account that they tried to log on with and where the request came from.<\/p>\n<p><strong>Let&#8217;s get started and turn on auditing for failed logon events:<\/strong><\/p>\n<ol>\n<li>Click on the <strong>Start<\/strong> button, type <strong>secpol.msc<\/strong> in the box and hit <strong>Enter<\/strong>.<\/li>\n<li>Navigate through <strong>Local Policies and Audit Policy<\/strong>.<\/li>\n<li>Right-click on the <strong>Audit account logon events<\/strong> policy and select <strong>Properties<\/strong>.<\/li>\n<li>Check the <strong>Failure<\/strong> box and hit <strong>OK<\/strong>.<\/li>\n<li>Right-click on the <strong>Audit logon events<\/strong> policy and select <strong>Properties<\/strong>.<\/li>\n<li>Check the <strong>Failure<\/strong> box and hit <strong>OK<\/strong>. Your screen should now look like the figure below:<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-252\" title=\"audit\" src=\"https:\/\/www.top-password.com\/blog\/wp-content\/uploads\/2012\/05\/audit.jpg\" alt=\"\" width=\"307\" height=\"101\" srcset=\"https:\/\/www.top-password.com\/blog\/wp-content\/uploads\/2012\/05\/audit.jpg 307w, https:\/\/www.top-password.com\/blog\/wp-content\/uploads\/2012\/05\/audit-300x98.jpg 300w\" sizes=\"auto, (max-width: 307px) 100vw, 307px\" \/><\/li>\n<li>Close the Local Security Policy editor.<\/li>\n<\/ol>\n<p>Your computer has now been configured to log all failed user account logon attempts.<\/p>\n<p>Once you have turned on account auditing, you can view the logs in Event Viewer (run eventvwr.msc)\u00a0under Windows Logs and Security.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There is no doubt that all of the new security features\u00a0in the modern versions of Windows will help 
keep your computer more secure. However, these features become less valuable when they are not turned on by default. One feature, known as user account auditing, is not turned on by default.\u00a0With this feature turned off, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[101,102,103],"class_list":["post-251","post","type-post","status-publish","format-standard","hentry","category-tips-tricks","tag-account-auditing","tag-windows-account","tag-windows-audit-policy"],"_links":{"self":[{"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/posts\/251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/comments?post=251"}],"version-history":[{"count":4,"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/posts\/251\/revisions"}],"predecessor-version":[{"id":256,"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/posts\/251\/revisions\/256"}],"wp:attachment":[{"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/media?parent=251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/categories?post=251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/tags?post=251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}