The steps I have done so far:

• In the DC, go to Group Policy Management Editor > Default Domain Policy (Linked) > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy
• Set the Audit account logon events, directory services access, logon events to "failure". account management is already set to "Success, Failure".
• In the DC, start the command prompt, type gpupdate.

The event log still shows only Audit Success only, even though it can be checked that my user account is getting bad password count every few minutes or so.

Quelle