| Event Information | According to Microsoft :
Cause :
This event record indicates an attempt to log on using an unknown user account or a valid user account but with an incorrect password. An unexpected increase in the number of these audits could represent an attempt by someone to find user accounts and passwords (such as a "dictionary" attack, in which a list of words is used by a program to attempt entry).
Resolution :
The person with administrative rights for the computer should establish a threshold limit for attempted log ons. Attempts in excess of the limit should be investigated as a possible attempt to break into the computer.
---------------------------------------------------------------------------------------------
Cause:
An unexpected increase in the number of these audits could represent an attempt by someone to find user accounts and passwords (such as a "dictionary" attack, in which a list of words is used by a program to attempt entry).
Resolution:
The administrator should establish a threshold limit for attempted log ons. Attempts in excess of the limit should be investigated as a possible attempt to break into the computer.
Following information from Windows IT Pro may give more idea.
Windows will generate event ID 529 if the machine environment meets the
following criteria:
The machine is running Windows XP.
The machine is a member of a domain.
The machine is using a machine local account.
Youve enabled logon failure auditing.
When the user logs off, Windows will write event ID 529 to the log file because
the OS incorrectly tries to contact the domain controller (DC), despite the fact
that the machine is using a local account. Microsoft currently doesnt provide a
fix for this problem, but you can safely ignore this event ID. |
