Hi list, I have a W2K server sitting out on the Internet, and I have logging turned on and what not. I see a whole bunch of failed logon attempts today for users like Guest, Administrator, IUSR_[SERVERNAME], database, root, etc.. Someone's trying to get onto my server, apparently. The event in the error log just says that the failed logon attempt came from workstation \\whatever, which means nothing to me. Is there any way that I can log the IP addresses that these failed logon attempts are coming from so that I can hack onto their computers and put viruses on them? Thanks a lot, Ray at home ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm