Tuesday, November 21, 2006

Failure Codes ของ Event ID 675 และ 680 ใน Security log

Audit Account Logon - Means people connecting across the network
Audit Logon Events - Means a keyboard logon, someone at the very Domain Controller

675 Pre-authentication failed. This event is generated on a Key Distribution Center (KDC) when a user types in an incorrect password.
680 Successful or Failed logon attempt.

ถ้าต้องการจะดู Failure Codes ของ Event 675 กับ 680 จะต้องเลือกทั้ง Success และ Failuer Event

Event ID 680 จะใช้ log เหตุการณ์ success หรือ failure logon ซึ่งจะมี NT Status Code อยู่ 6 code ที่บอกรายละเอียดของ Event ID 680 นี้ เราสามารถใช้ในการตรวจสอบและแก้ปัญหาที่เกิดขึ้นได้

0xC000006A - This code means that a user has tries to log on and entered the password incorrectly.

0xC000006F - This code means that the user was prevented from logging on due to a logon time restriction.

0xC0000064 - This code appears when someone tries to logon with a non-existant account.

0xC0000070 - This code appears when a user attempts to logon to a computer that they are not allowed to logon to.

0xC0000071 - This code appears when the users password has expired.

0xC0000072 - This code appears when a user has entered the wrong password too many times and the account has been disabled.

สำหรับ Event ID 675
0x6 The username does not exist
0x17 The account has expired
0x18 Username exists, but password is wrong
0x25 Workstation's clock is out of synch

No comments:

Post a Comment