How to check Failed Login attempts in Windows Server 2012 R2
You can run into a lot of people telling you that the account keeps getting locked out without typing the wrong password.
Here is how to check the reasons for the account lockout if you’re using Windows Server 2012 as an Active Directory.
First thing that needs to be done is to enable auditing for login attemps.
In order to do this, go to Start, and type gpmc to launch Group Policy Management Console.
Here, you can either edit your Default Domain Policy, or create a new policy.
Either way, in the Group Policy Management Editor, go to Computer Configuration >Policies >Windows Settings > Security Settings >Advanced Audit Policy Configurator >Audit Policies
All the audit policies are on the right pane. Here,you have to enable the following policies for Successful and Failed events
-In Logon/Logoff – Enable Audit Logon
– In Object Access enable Audit Detailed File Share; Audit File Share; Audit File System
After applying these policies, you can check the login attempts by using Event Viewer and navigating to
Windows Logs >Security on the left pane.
