• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 284
  • Last Modified:

account locked out every day

hello, recently made users change there passwords, and i have a couple that lock a couple of times a day,

likley cause is an app or service using there account for authentication,   but no idea how to find out where this is.

anyone suggest what logging to use or any utilites that can tell me when a user/app tries to logon and where it is.

0
mhamer
Asked:
mhamer
1 Solution
 
TTL79Commented:
Well first off you should check on which credentials the services are running. On XP machines goto Control Panel -> Administrative tools -> Services and from that list check which services have "Log On As" setting set to other than Local System and check password on those services. Then check the event log from the workstation and see which application is giving you warnings or errors.

Hope this helps =)
0
 
mhamerAuthor Commented:
its teh domain account, thats getting locked out not an actual prob with an app, the trouble is we dont  know where this service is (as in 1000+ machines in use) and although we are manualy checking wondering if there was an automated solution
0
 
NJComputerNetworksCommented:
On the domain controller, look through the Security log...  Search for the account that is getting locked out...

You should be able to find something like this:

User Account Locked Out:          Target Account Name:        lockedoutuser1          Target Account ID:        domaintest\lockedoutuser1          Caller Machine Name:        Machine1

This will tell you what machine is locking out the account... this can be helpful in further troubleshooting...


The next step would be to go to the machine1 server (desktop) and look through the services on the machine.  Many times, people will install a service with a domain user account (as startup type).  This is problematic as when the domain account password changes, it is not automatically updated on the service...

Anyway, if you still need to troubleshoot this further, you can use a tool called: LockoutStatus.exe   http://www.microsoft.com/downloads/details.aspx?FamilyID=d1a5ed1d-cd55-4829-a189-99515b0e90f7&DisplayLang=en

In addition, it may be required to enable Kerberos loggin on your DC's...  http://support.microsoft.com/default.aspx?scid=kb;en-us;262177

In addition, you may be required to run some netcap captures.... to analyze traffic...

0
 
Jay_Jay70Commented:
Hi mhamer,

check this from ms
http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

you will need to register teh dll's and it adds an additional TAB to their account in AD which provides a lot of detail
0
 
mhamerAuthor Commented:
I have all the account infor and lock out staus stuff thanks.

audit failire should up the machine causing it  no services running under there name though  but its 400 miles away so will just image it  cant be anything important on it.

cheers
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now