What Event IDs does the 'Account with failed logons in X days' security check use? (NETIQKB48804)

  • 7748804
  • 02-Feb-2007
  • 08-Sep-2008

Resolution

goal
What Event IDs does the 'Account with failed logons in X days' security check use?

goal
How does Vulnerability Manager check for logins that were not successful?

fact
NetIQ Vulnerability Manager Agent for Windows 5.0

fact
NetIQ Vulnerability Manager Agent for Windows 5.5

fact
NetIQ Vulnerability Manager 5.0

fact
NetIQ Vulnerability Manager 5.5

fix

The Account with Failed Logons in X days security check queries all domain controllers and looks for the following event IDs:

  • 529  Unknown user name or bad password
  • 530  Account logon time restriction violation
  • 531  Account currently disabled
  • 532  The specified user account has expired
  • 533  User not allowed to logon at this computer
  • 534  The user has not been granted the requested logon type at this machine
  • 535  The specified account's password has expired
  • 536  The NetLogon component is not active
  • 537  An unexpected error occurred during logon
  • 539  Account locked out
  • 675  Preauthentication failure
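The same kind of report can be reproduced by hand from Security log exports. The following is an added example, not NetIQ's code: it merges rows from several domain controllers, keeps only the event IDs listed above, and counts failures per account within the last X days. The CSV layout, the sample rows and the function name `failed_logons` are assumptions made for illustration.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Event IDs and descriptions as listed in this article.
FAILED_LOGON_EVENTS = {
    529: "Unknown user name or bad password",
    530: "Account logon time restriction violation",
    531: "Account currently disabled",
    532: "The specified user account has expired",
    533: "User not allowed to logon at this computer",
    534: "The user has not been granted the requested logon type at this machine",
    535: "The specified account's password has expired",
    536: "The NetLogon component is not active",
    537: "An unexpected error occurred during logon",
    539: "Account locked out",
    675: "Preauthentication failure",
}

# Constructed sample rows from two domain controllers (hypothetical CSV layout).
SAMPLE_EXPORT = """\
time,dc,event_id,account
2008-09-01T08:15:00,DC01,529,alice
2008-09-01T08:16:00,DC02,528,alice
2008-09-03T23:40:10,DC02,675,ALICE
2008-09-04T02:11:45,DC01,539,alice
2008-08-20T10:00:00,DC01,529,bob
2008-09-05T09:30:00,DC02,531,carol
2008-09-05T09:31:00,DC02,abc,carol
"""

def failed_logons(export_text, days, now):
    """Return {account: {event_id: count}} for listed failures in the last `days` days."""
    cutoff = now - timedelta(days=days)
    result = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            event_id = int(row["event_id"])
            when = datetime.fromisoformat(row["time"])
        except (ValueError, TypeError, KeyError):
            continue  # skip malformed rows instead of aborting the whole report
        account = (row.get("account") or "").strip().lower()  # names are case-insensitive
        if account and event_id in FAILED_LOGON_EVENTS and cutoff <= when <= now:
            result[account][event_id] += 1
    return {name: dict(counts) for name, counts in result.items()}

if __name__ == "__main__":
    print(failed_logons(SAMPLE_EXPORT, days=7, now=datetime(2008, 9, 8)))
```

Rows with an event ID that is not on the list, a timestamp outside the window, or an unparseable field are ignored, so only alice and carol appear in the sample result.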


Additional Information

Formerly known as NETIQKB48804