My team uses a virtual Windows Server 2008 to store our code repository. We all login using a shared user account. The IT department requires that we keep the automatic account locking for mistyped passwords turned on.
Every so often the account gets locked out because of this.
Is there a log or something that I can enable to track login attempts? I would love to get a host name, or even an IP address of these attempts so that we can track down who is having trouble with this system. We do have admin access to the virtual machine.
Pre-emptive I know that using shared user accounts isn't the recommended way to do this, but we are stuck with that system.
Server 2008 comes with login/logout auditing already turned on (it wasn't in 2000 and 2003), so there are Security event-log entries already there showing these. The event-log IDs you're looking for are 4625 (failed login) and 4740 (Lockout). The data in these events should show the IP address or machine name of where the logins are coming from.