Logon-Logoff: Audit Account LockoutID: oval:org.secpod.oval:def:14669 | Date: (C)2013-08-13 (M)2022-10-10 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to audit events generated by a failed attempt to log on to an account that is locked out.
If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful attempts and Failure audits record unsuccessful attempts.
Logon events are essential for understanding user activity and to detect potential attacks.
Volume: Low.
Default: Success.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon-Logoff\Audit Account Lockout
(2) REG: INFO NOT AVAILABLE
Platform: |
Microsoft Windows 7 |