Account lockout not showing in Security Event Log

[sharte]

I am running WIndows 2003 Server with 2 domain controller's. When a users account is locked it doesn't get wrote to the security log on either server. All the audit settings are correct. I need to use these lockouts for my Active Directory manager reports!!!

Please Help!!

 

[basst]

Increase the size of the logs. You may also need to review the settings so that events are not overwritten. Otherwise if you have configured auditing to audit account logon and logon events (success / failure) the lockouts will be written to the security log.

 

[sharte]

I have increased the size of the logs, cleared the old logs and ensured that all auditing is turned on. I locked out a user by typing the password incorrectly and still no event log to show the lockout!!

 

[basst]

Can you share what you have configured in the Default Domain Policy for the auditing?

 

[basst]

You should have:

Audit account logon events: success/failure
Audit logon events: success/failure

The machine that you are trying from must also be a member of your domain and the GPO must be applying to it.

You will only see the account lockout information on your Domain Controllers - not on the PC that you locked the account on. Maybe this is your error.