Windows2000 Advanced Server. No domain but workgroup. Some 20 users.
Someone outside seems able to get our userlist. We have changed usernames but somehow the new usernames seems to be know in short time.
Now he is trying to login using each username from the list using some kind of password generator.
The policy is set up to lock after 5 failing login attempt.
A couple of times each day each user is accessed with teh generator until all the users are locked. Or, worse case, finding a password!
From the eventlogs I can see his/her domain-name and pc-name. Trying to catch is IP is usesless as different IPs are being used.
Is there a way to allow only known domains or pcnames to login and therefore block the unknown ?
Or does someone know a tool to block someone for long time whenever he does a certain number of successive failing login attemps.?
Appreciate anyones help