Failed Logon Counter for Local Users

Is there a way to programmaticly get the failed logon count for local Windows users in XP and later? Alternatively, is there a way for my service to get a message when a failed logon occurs? Currently coding in VB.NET, but will take any suggestion开发者_如何学Pythons in any language. Thanks for your time.

The WIN32 Network Management functions are your friend for this stuff.

Use the NetUserGetInfo() API using level 2 (a USER_INFO_2 structure). Then check out the usri2_bad_pw_count member.

I've written a sample in both C++ and C# and uploaded it at http://codehq.net/files/NetUserGetInfo.zip (MIT License).

This information is available in the event log. Does that help? Events can get aged out of the event log (it is size and often time limited), so you can't rely on it to be a database of all failed logins. I do understand that it is possible for applications to get some event log data (see the tool snare), so that might qualify.