Resolution
goal
What Event IDs does the 'Account with failed logons in X days' security check use?
goal
How does Vulnerability check for logins that were not successful?
fact
NetIQ Vulnerability Manager Agent for Windows 5.0
fact
NetIQ Vulnerability Manager Agent for Windows 5.5
fact
NetIQ Vulnerability Manager 5.0
fact
NetIQ Vulnerability Manager 5.5
fix
What Event IDs does the 'Account with failed logons in X days' security check use?
goal
How does Vulnerability check for logins that were not successful?
fact
NetIQ Vulnerability Manager Agent for Windows 5.0
fact
NetIQ Vulnerability Manager Agent for Windows 5.5
fact
NetIQ Vulnerability Manager 5.0
fact
NetIQ Vulnerability Manager 5.5
fix
The Account with Failed Logons in X days security check queries all domain controllers and looks for the following event IDs:
- 529 Unknown user name or bad password
- 530 Account logon time restriction violation
- 531 Account currently disabled
- 532 The specified user account has expired
- 533 User not allowed to logon at this computer
- 534 The user has not been granted the requested logon type at this machine
- 535 The specified account's password has expired
- 536 The NetLogon component is not active
- 537 An unexpected error occurred during logon
- 539 Account locked out
- 675 Preauthentication failure
Additional Information
Formerly known as NETIQKB48804