[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 666
  • Last Modified:

Account Lockout

We have a user on our domain whose account keeps getting locked out.  I installed the lockout tools from microsoft and from doing an event comb the computer that keeps sending pre-authentication failures is the mail server.
The events i see are in the attached file
IP 10.5.0.5 is the mail server
Thanks
lockout.txt
0
jduawa
Asked:
jduawa
1 Solution
 
chikenheadCommented:
someone is trying to hack the users email
0
 
Delphineous SilverwingGood Ol' GeekCommented:
There is a possibility that the person left Windows logged in and Outlook open at another workstation, then at some point changed their password.  Since this other location is still logged in, using a persistent application like Outlook, the user account locks out.  Check your security logs for the IP address of the failure audit source - now you have the machine cause the lockout.
0
 
MarkMichaelCommented:
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
jduawaAuthor Commented:
Delphineous:
The log indicates the ip is the mail server.

MarkMichael:
There are 175 computers in the school that the user could have logged into, but unlikely that they left any session logged on, any other thoughts

Thanks
0
 
Delphineous SilverwingGood Ol' GeekCommented:
Is Outlook Web Access offered?  If a session were left logged on in a browser using the "This is a private computer" selected, then the mail server would show as the source.
0
 
jduawaAuthor Commented:
i tried sending bad passwords while logging into OWA and it was a different message than the 675 that is in the event viewer
0

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now