Link to home
Create AccountLog in
Avatar of Gavin Tech
Gavin TechFlag for United Kingdom of Great Britain and Northern Ireland

asked on

My windows account keeps on locking?

I am not sure why it is hapenning but is there any software which can tell me where or how my account is being locked so I can prevent it from hapenning.
Avatar of Obadiah Christopher
Obadiah Christopher
Flag of India image

Are you on a network?
Or it is happening on a stand-alone machine?
The only real way is to audit the logon/logoff attempts in the Security section of Event Viewer.

Then you can see if people are attempting to logon to your account - and by getting the password wrong - locking your out.

http://technet2.microsoft.com/windowsserver/en/library/e104c96f-e243-41c5-aaea-d046555a079d1033.mspx?mfr=true
You can change the lockout policy - if you are on a domain, and logged on as an Administrator:

http://technet2.microsoft.com/windowsserver/en/library/957ed7b6-4cad-45d4-94c2-d3471e9cf10b1033.mspx?mfr=true
Avatar of Gavin Tech

ASKER

I am part of a domain. The account has domain admin rights.
So - have you tried looking at the default domain policy - and lengthening the number of logon attempts before your account gets locked out? I would recommend also changing your logon name in AD - so that the person attempting to logon as you cannot lock your account out...
ASKER CERTIFIED SOLUTION
Avatar of robstacey
robstacey

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
How do you know it is a person using my account name. Could it not be a service somewhere trying to start with a wrong password. I change my password every 3 months and may have used my credentials somewhere.
Robstacy

Will the security logs on all the DC's be the same.
These lockouts normally occur due to this behaviour - that's all.

Most services start use the System, Local System or another built-in account. There may be some that you have configured manually to use your account - but then only you would know which ones you have configured in this way.

I am just trying to point out what the most likely cause of this is - when you haven't made custom changes to the way system services and programs launch...
Avatar of robstacey
robstacey

Not necessarily no although I think that they generally get synched up to the PDC emulator.
How many DC do you have?  You can filter the view in Event Log Viewer to only show desired entries.
I have 3 dc's.
644 security log entries point to a to a certain pc locking the account but the events do not correspond with all the lockouts. There were no 644 events in the last few days but the account has definetely been locked and unlocked within the period.

This pc in question is our WEB proxy and only accessible via a few key IT staff.

I heard of a program which can be installed on a DC that monitors all logon attempts and lockouts and tells you the cause of the lockout eg the program which locked you out.  Any thoughts.
Check the services on that webproxy machine to make sure that none of them are running under your user account, or scheduled tasks.
You haven't left a remote desktop session running on that machine have you?  Disconnected rather than logged out.
There is software out there but mostly it just tells you which machine is causing the lockout, not which process has caused it.
We use a product called LT Auditor which isn't bad but it's not particularly cheap so it depends on your requirements moving forwards for continued monitoring.
How can I log off the pc if my remote connection is still running. Maybe I did disconnect and not log out.
If you connect to that server again and there is a session running it should just open the current one again. You can check by hooking up and going into Terminal Services manager on that server to check how long the sessions have been running, it tells you what sessions are running and when they started, you can reset any RDP ones that aren't you but look like they've been up for a long time.
 If there is a session that is running with an old password you will still be able to connect to it with your new one, that should just refresh the credentials for that session.