Jump to content


Netwrix Account Lockout Real Reason


  • Please log in to reply
1 reply to this topic

#1 cemal.demirsu



  • Members
  • Pip
  • 2 posts

Posted 23 January 2018 - 05:28 AM

Dear all,


We have installed Account Lockout Manager to have more information related "Account Lockouts", but unfortunately, we receive a message such as " logon auditing is disabled some functionality will be unavailable for this dc netwrix" . But this is not true, all the settings in DC areenabled.

And also have another message for the specific investigation for example for the Workstation X. then it says, " To view detailed information on logons, enable Failure Audit logon policy on the target workstation" which is also enabled both in client computer and in DC as well.


Anyone has these kind of experience to help  please ?


Best Regards,


#2 AndreyK



  • Members
  • PipPip
  • 15 posts

Posted 26 January 2018 - 12:54 PM

Hello Cemal,


The messages about non-configured audit might be false-positives, especially if you have some complex Group Policy structure in your domain or use a combination of Basic and Advanced audit policies.

If you see related events in the Security logs on the DCs and workstations you should be good.

Here is the article with the list of monitored event ids: https://www.netwrix.com/kb/1348


Kind regards,


0 user(s) are reading this topic

0 members, guests, anonymous users