Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 533 Source: Security

Logon Failure:
Reason: User not allowed to logon at this computer
User Name: <user name>
Domain: <domain name>
Logon Type: <logon type>
Logon Process: <process>
Authentication Package: <package>
Workstation Name: <workstation name>
Caused by the HKLM\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail set to a value of 2. For details on the CrashOnAuditFail see ME757348.
If you have restricted an account to only logon from specific machines (via UserID properties -> Account tab -> Log On To... button), and then the account tries to authenticate from a machine not in the specific list, error 533 will be logged. The "workstation name" field in the error will indicate the machine or IP address from which the login attempt is coming.
This error may occur if the domain user account that is used for anonymous access in IIS cannot log on to the IIS Web server. See ME909887 to solve this problem.

See ME318319 for a situation in which this event occurs.
The logon attempt failed. The user account used to log on is not permitted to log on from this computer. This restriction is configured on the user's domain account. See MSW2KDB for more details on this event.
Event generated by a logon failure due to a user not allowed to logon at this computer.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.