Authorization failure report

The default Authorization Failure Report provides a record of authorization failure events for all audited users, computers, and sessions. The report includes the user name, the computer where the user attempted to log on or use a role, the time of the attempt, and the reason the user was denied access.

You can customize and filter the information included in a Authorization Failure Report by specifying the query criteria and saving the report definition.