How to configure failed login notifications

 

In order to configure failed login notification, you will need to add an event log filter to your Endpoint Policies.

Go to the VSAX WebApp > Server Admin > Endpoint Policies > Endpoint Policy Details > Insert your Policy’s name > System > Event Log.

 

By default the option to Add Filter is disabled, to activate click on the ‘Send a notification’ box. The Add Filter button will turn from grey to blue.

 

 

In the newly opened window provide a title for your new alert and select Security for Event Logs and Audit Failed for Level fields for drop down menu.

The two last remaining steps are to set 4625 in the Event ID files and select the notification priority of your choice.



 

Enable Logon Auditing

 

If you don’t see these events in your Event Viewer, you might have to enable Logon Auditing.

 

Note: Group Policy Editor is not available in Home versions on Windows 7 or the standard version of Windows 8.

 

Go go to Group Policy Editor go to Start Menu and type: gpedit.msc

In the Group Policy Editor select Windows followed by Security Settings and Audit Policies. Then double click on Audit Logon events.

 

 

 

 

Graphical user interface, text, application

Description automatically generated

 

From there make sure that both boxes are ticked and click ok to save.

 

Graphical user interface, application, Word

Description automatically generated

 

Lock your computer, log back in with a false password and check in the event viewer recorded a new audit failure.

 

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section