Is there any reliable way to monitor failed logon attempts on-the-fly in Windows XP? (well, Vista too for that matter).
I need to monitor failed logon attempts programmatically which is currently accomplished with a simple GINA Stub by subclassing the Login dialog from MSGINA.
However, my current solution is not waterproof if there are other GINAs in the chain.
So my question is: Is there any (other) API I can rely on? Or do I have to roll out an entire GINA replacement DLL?
Best Answer
Microsoft ACS does this very well. It is a component of System Center Configuration manager. You can look at the logon failures from the DC perspective or from the client perspective depending on your specific needs.
There are MS Partner Solutions that also aid in this from the Management Pack side as well as the ACS reporting side.
Full Disclosure: I work for one of said MS Partners