Is there a way to programmatically get the failed logon count for local Windows users in XP and later? Alternatively, is there a way for my service to get a message when a failed logon occurs? Currently coding in VB.NET, but will take any suggestions in any language. Thanks for your time.
A:
This information is available in the event log. Does that help? Events can get aged out of the event log (it is size and often time limited), so you can't rely on it to be a database of all failed logins. I do understand that it is possible for applications to get some event log data (see the tool snare), so that might qualify.
Slartibartfast
2010-06-30 01:55:04
Thanks for the advice. This was the hack-around method I was using, but then realized that standard users don't have event log access, so this method will not work for me.
Brad
2010-06-30 18:31:13
A:
The WIN32 Network Management functions are your friend for this stuff.
Use the NetUserGetInfo() API using level 2 (a USER_INFO_2 structure). Then check out the usri2_bad_pw_count member.
I've written a sample in both C++ and C# and uploaded it at http://codehq.net/files/NetUserGetInfo.zip (MIT License).
devstuff
2010-06-30 02:47:27
Thanks! I'm checking that out now... just need to figure out the API declarations and structures for .NET.
Brad
2010-06-30 21:24:52
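The .NET declarations for the NetUserGetInfo() level 2 call described in the answer above, as an added C# example (it is not the code from the linked zip and not part of the original posts). The class name BadPasswordCount and the Get helper are hypothetical names chosen here, and the program defaults to the current user when no account name is passed.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class BadPasswordCount
{
    // Mirrors Win32 USER_INFO_2 field for field; LPWSTR/PBYTE members stay IntPtr so nothing is copied.
    [StructLayout(LayoutKind.Sequential)]
    struct USER_INFO_2
    {
        public IntPtr usri2_name, usri2_password;
        public uint usri2_password_age, usri2_priv;
        public IntPtr usri2_home_dir, usri2_comment;
        public uint usri2_flags;
        public IntPtr usri2_script_path;
        public uint usri2_auth_flags;
        public IntPtr usri2_full_name, usri2_usr_comment, usri2_parms, usri2_workstations;
        public uint usri2_last_logon, usri2_last_logoff, usri2_acct_expires, usri2_max_storage, usri2_units_per_week;
        public IntPtr usri2_logon_hours;
        public uint usri2_bad_pw_count, usri2_num_logons;
        public IntPtr usri2_logon_server;
        public uint usri2_country_code, usri2_code_page;
    }

    [DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
    static extern int NetUserGetInfo(string servername, string username, int level, out IntPtr bufptr);
    [DllImport("netapi32.dll")]
    static extern int NetApiBufferFree(IntPtr buffer);

    // Hypothetical helper: returns usri2_bad_pw_count for an account on the local machine (servername = null).
    public static uint Get(string userName)
    {
        IntPtr buf = IntPtr.Zero;
        try
        {
            int status = NetUserGetInfo(null, userName, 2, out buf);
            if (status != 0) throw new Win32Exception(status); // 0 is NERR_Success
            return ((USER_INFO_2)Marshal.PtrToStructure(buf, typeof(USER_INFO_2))).usri2_bad_pw_count;
        }
        finally { if (buf != IntPtr.Zero) NetApiBufferFree(buf); } // buffer is allocated by the API
    }

    static void Main(string[] args)
    {
        string user = args.Length > 0 ? args[0] : Environment.UserName;
        uint n = Get(user); // 0xFFFFFFFF (-1) means the count is unknown
        Console.WriteLine(n == uint.MaxValue ? user + ": unknown" : user + ": " + n + " failed logon(s)");
    }
}
```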