Log the "source network address" in Event ID 529 entries on Windows XP

By sholomke
In Windows Server 2003, when an Event 529 (logon failure) occurs with a logon type of 10 (remote logon), the source network IP address is recorded in the event log.

On a Windows XP machine, this (and some other details) are omitted.

If a bot is trying a brute force over RDP (some of my XP machines are (and need to be) exposed with a public IP address), I cannot see the originating IP address, so I don't know what to block (with a script I run every few minutes).

The DC does not log this detail either when the logon attempt is to the client XP machine and the DC is only asked to authenticate the credentials.

Any help getting this detail in the log would be appreciated.
