>>Simonis: Have you experimented with the "account lockout status" tool,
>>Simonis: lockoutstatus.exe, found in the 2003 res kit
>That's assuming the user is running 2003.
lockoutstatus.exe has run on W2K domains for quite some time. It just wasn't publicly released until the 2003 RK. It used to be available from PSS called als.exe, unprivileged users can run it and see which DC and account is locked out on, site of DC, number of bad pwds, last bad pwd and pwd last set.
It can be downloaded separately (with some other very useful stuff) from the RK for free from the Account Lockout and Management Tools page.
-----Original Message-----
From: Birl [mailto:sbirl (at) temple (dot) edu [email concealed]]
Sent: Wednesday, September 10, 2003 1:50 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: windows 2000 security logs
As it was written on Sep 8, thus simonis typed:
Simonis: Return-Path:
Simonis: <focus-ms-return-6024-sbirl=temple.edu (at) securityfocus (dot) com [email concealed]>
Simonis: Date: Mon, 08 Sep 2003 14:40:03 -0400
Simonis: From: simonis <simonis (at) myself (dot) com [email concealed]>
Simonis: To: Trey Stevens <treystevens (at) comcast (dot) net [email concealed]>
Simonis: Cc: focus-ms (at) securityfocus (dot) com [email concealed]
Simonis: Subject: Re: windows 2000 security logs
Simonis:
Simonis: Trey Stevens wrote:
Simonis: >
Simonis: > Is there a place in group policy in which you can define who can read the
Simonis: > security logs? In our shop, we have domain controllers at sites in which the
Simonis: > IT staffs are not domain admins but still need to be able to see the
Simonis: > security logs to look for account lockouts.
Simonis: >
Simonis:
Simonis:
Simonis: Have you experimented with the "account lockout status" tool,
Simonis: lockoutstatus.exe, found in the 2003 res kit?
That's assuming the user is running 2003.
Thanks
Scott Birl http://concept.temple.edu/sysadmin/
Senior Systems Administrator Computer Services Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*==
==*====*
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
>>Simonis: lockoutstatus.exe, found in the 2003 res kit
>That's assuming the user is running 2003.
lockoutstatus.exe has run on W2K domains for quite some time. It just wasn't publicly released until the 2003 RK. It used to be available from PSS called als.exe, unprivileged users can run it and see which DC and account is locked out on, site of DC, number of bad pwds, last bad pwd and pwd last set.
It can be downloaded separately (with some other very useful stuff) from the RK for free from the Account Lockout and Management Tools page.
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4
E63-8629-B999ADDE0B9E&displaylang=en
-----Original Message-----
From: Birl [mailto:sbirl (at) temple (dot) edu [email concealed]]
Sent: Wednesday, September 10, 2003 1:50 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: windows 2000 security logs
As it was written on Sep 8, thus simonis typed:
Simonis: Return-Path:
Simonis: <focus-ms-return-6024-sbirl=temple.edu (at) securityfocus (dot) com [email concealed]>
Simonis: Date: Mon, 08 Sep 2003 14:40:03 -0400
Simonis: From: simonis <simonis (at) myself (dot) com [email concealed]>
Simonis: To: Trey Stevens <treystevens (at) comcast (dot) net [email concealed]>
Simonis: Cc: focus-ms (at) securityfocus (dot) com [email concealed]
Simonis: Subject: Re: windows 2000 security logs
Simonis:
Simonis: Trey Stevens wrote:
Simonis: >
Simonis: > Is there a place in group policy in which you can define who can read the
Simonis: > security logs? In our shop, we have domain controllers at sites in which the
Simonis: > IT staffs are not domain admins but still need to be able to see the
Simonis: > security logs to look for account lockouts.
Simonis: >
Simonis:
Simonis:
Simonis: Have you experimented with the "account lockout status" tool,
Simonis: lockoutstatus.exe, found in the 2003 res kit?
That's assuming the user is running 2003.
Thanks
Scott Birl http://concept.temple.edu/sysadmin/
Senior Systems Administrator Computer Services Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*==
==*====*
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
[ reply ]