Hi everyone!
May someone share any material about permission and password violations? I would like to track the process and discover what is causing those numbers. Look:
Thanks.
Hi Doria,
You can audit logon failure(4625 event in Security events)
Check following for further details.
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625
(Don't forget to Accept as answer if this is helpful)
Could be hacking attempts. May need to do some network captures.
--please don't forget to Accept as answer if the reply is helpful--
Could be nefarious, or could be a lot of users type in their passwords incorrectly (it happens) . You normally see these high password violation numbers on domain controllers and the file servers will have high permissions violations. Your server has both. What is the function of this particular server?
File server.
What tools and which OS log can I get more information?
You could start with auditing logon events (failed) and object access for file/folder shares. These events will be reported in the Event Viewer and you can filter there or dump the logs into a service like Splunk or Elk stack.
Hi,
Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
Best Regards,
Vicky
Yes, the information helped!
I will capture the events and analyze! I will open a new thread about this.
Regards
Hi,
I am glad to hear that your issue was successfully resolved.
If there is anything else we can do for you, please feel free to post in the forum.
Have a nice day!
Could be other misconfigured servers in the network trying to attach/reach it.
Try turning off NetBIOS (over TCP/IP, in your network adapter settings) in your server, and those numbers may go down.
7 people are following this question.
