Now Audit Your Attackers

With the Account Lockout policy in place, you can now enable auditing to see any account attacks. To turn on auditing for failed log-on events, do the following:

Click the Start button, type secpol.msc, and click the secpol icon.Click on Local Policies and then Audit Policy.Right-click on Audit account logon events policy and select Properties.Check the Failure box and click OK.Right-click on Audit logon events policy and select Properties.Check the Failure box and click OK. Close the Local Security Policy window.

You can then use the Event Viewer (by running eventvwr.msc) to view the logs under Windows Logs and Security.

Secure Your Internet Explorer Settings