Get the "source network address" in Event ID 529 audit entries on Windows XP

Posted by Make it useful Keep it simple on Server Fault See other posts from Server Fault or by Make it useful Keep it simple
Published on 2010-07-05T21:30:39Z Indexed on 2010/12/29 3:55 UTC
Read the original article Hit count: 281

Filed under:

windows-server-2003

|

windows-xp

|

event-log

|

security-audit

In windows server 2003 when an Event 529 (logon failure) occures with a logon type of 10 (remote logon), the source network IP address is recorded in the event log.

On a windows XP machine, this (and some other details) are omitted.

If a bot is trying a brute force over RDP (some of my XP machines are (and need to be) exposed with a public IP address), i cannot see the originating IP address so i don't know what to block (with a script i run every few minutes).

The DC does not log this detail either when the logon attempt is to the client xp machine and the DC is only asked to authenticate the credentials.

Any help getting this detail in the log would be appreciated.

© Server Fault or respective owner

Related posts about windows-server-2003

Rotate monitor to portrait on Windows Server 2003 with ATI card

as seen on Super User - Search for 'Super User'
Does anyone know if it is possible to rotate a monitor from landscape to portrait mode on Windows Server 2003 32-bit with an ATI video card? According to Dell's site, I should be able to rotate my Dell P2310H monitor by installing drivers from their website, but they don't have drivers for Windows… >>> More
Windows Server 2003 Trial Activation Issue

as seen on Server Fault - Search for 'Server Fault'
I have a Windows Server 2003 (R2 Enterprise with SP2) VM, originally installed with a trial license. We forgot about the server, and now more than 120 days has passed, and I can't do anything with the server. I seem to be at a dead end with the existing installation. When I log in, I get: The… >>> More
Windows Server 2003 can't see Vista machine

as seen on Server Fault - Search for 'Server Fault'
Hi there, I've got a real PITA problem that I'm sure has a really simple solution. I have a Windows Server 2003 machine that needs to be able to see the network name of a Vista box - but refuses to. It can see the Vista box (and even access its shared folder) if I enter the Vista box's IP address… >>> More
Windows server 2003 default administrator password

as seen on Stack Overflow - Search for 'Stack Overflow'
Sorry if this is an overly simplistic question, but I'm a bit stuck here. :) I need a windows machine for me to do some programming for class. Since I have my Macbook with me everywhere I go, I figured that it would be easiest to install a vm. And since I can get a copy of Windows server 2k3 for… >>> More
Windows Server 2003 - Handling hundreds of simultaneous downloads

as seen on Server Fault - Search for 'Server Fault'
At the moment I have a single server with 4 1TB hard disks, daily I haver over 150 MP3 music files uploaded (around 80mb each). At busy periods there is over 300 people streaming / downloading these mixes all at once, 75% of the activity is on the most recently uploaded stuff which is all on a single… >>> More

Related posts about windows-xp

Windows XP - Security Update for Windows XP (KB923561) (KB946648) (KB956572) (KB958644)

as seen on Super User - Search for 'Super User'
My father's computer has Windows XP, but when I try to install the service packs it always fails. What gives? Here are the errors that I get in the event log: Date: 2/6/2010 Time: 12:02:18 AM Type: Error User: N/A Computer: EVO Source: Windows Update Agent Category: Installation Event ID: 20 Installation… >>> More
Restore Bak File created on Windows XP pro in Windows XP Pro 64

as seen on Super User - Search for 'Super User'
I have a situation that I need help with. I backed up my Files on Windows XP using the System BackUp utility/wizard, and then Installed a new operating system on the machine. Now I want to restore my old files via the .bak file but it is not being recognized at all. Did I do this wrong or is there… >>> More
Installed Ubuntu 12.04.01 with Windows XP but lost access to Windows XP

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
The First time I tried to install Ubuntu the installer installed it on my D drive. This resulted in only booting to Windows XP with no access to Ubuntu. I had to download a disk partitioning program to undo all of this. A tip from the Internet said to create a partition on the C drive for Ubuntu,… >>> More
Replace dual-XP installs with single-XP install and repartition drive?

as seen on Super User - Search for 'Super User'
Hello, The Current Situation I have a hard drive that currently is split up like so: Primary Partition C: 9.77 GB NTFS Healthy (System) with XP Pro (in Polish) installed Extended Partition D: 39.82 GB NTFS Healthy (Boot) with XP Pro (in English) installed … >>> More
How do I connect two computers with a LAN cabel?

as seen on Super User - Search for 'Super User'
I have two machines - Windows XP and a laptop using Windows 7. I connected them with a WLAN cable. On the Windows XP machine, I set the IP address to 192.168.0.10. On the Windows 7 laptop, I set the IP address to 192.168.0.20. The laptop can see the Windows XP machine, but Windows XP machine cannot… >>> More