account locked out every day

Posted on 2006-06-07
Last Modified: 2012-08-14
hello, recently made users change there passwords, and i have a couple that lock a couple of times a day,

likley cause is an app or service using there account for authentication,   but no idea how to find out where this is.

anyone suggest what logging to use or any utilites that can tell me when a user/app tries to logon and where it is.

Question by:mhamer

    Expert Comment

    Well first off you should check on which credentials the services are running. On XP machines goto Control Panel -> Administrative tools -> Services and from that list check which services have "Log On As" setting set to other than Local System and check password on those services. Then check the event log from the workstation and see which application is giving you warnings or errors.

    Hope this helps =)

    Author Comment

    its teh domain account, thats getting locked out not an actual prob with an app, the trouble is we dont  know where this service is (as in 1000+ machines in use) and although we are manualy checking wondering if there was an automated solution
    LVL 33

    Accepted Solution

    On the domain controller, look through the Security log...  Search for the account that is getting locked out...

    You should be able to find something like this:

    User Account Locked Out:          Target Account Name:        lockedoutuser1          Target Account ID:        domaintest\lockedoutuser1          Caller Machine Name:        Machine1

    This will tell you what machine is locking out the account... this can be helpful in further troubleshooting...

    The next step would be to go to the machine1 server (desktop) and look through the services on the machine.  Many times, people will install a service with a domain user account (as startup type).  This is problematic as when the domain account password changes, it is not automatically updated on the service...

    Anyway, if you still need to troubleshoot this further, you can use a tool called: LockoutStatus.exe

    In addition, it may be required to enable Kerberos loggin on your DC's...;en-us;262177

    In addition, you may be required to run some netcap captures.... to analyze traffic...

    LVL 48

    Expert Comment

    Hi mhamer,

    check this from ms

    you will need to register teh dll's and it adds an additional TAB to their account in AD which provides a lot of detail

    Author Comment

    I have all the account infor and lock out staus stuff thanks.

    audit failire should up the machine causing it  no services running under there name though  but its 400 miles away so will just image it  cant be anything important on it.


    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
    Learn about cloud computing and its benefits for small business owners.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now