Question about Failed logons due to bad password

Question about Failed logons due to bad password

I am trying to generate a report that shows when users fail to logon due to bad passwords.

I am only collecting the event logs on my domain controllers. The event ID that is generated due to a bad password is 4625. The problem is that 4625 is registered on the computer where the login was attempted and not on the computers that I am collecting logs.

There are other IDs that are registered on the DCs that can give this information but the custom reports are very verbose and not simple to read like the one provided as a standard report.  We don't want to collect logs from every computer on the domain. What I would really like is a way to modify the built in report to look for event ID 4771 and 4777

Any suggestions?
        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial





                            Related Products