• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 196
  • Last Modified:


I have a user that every time he logs in he is locked out. I assume someone is trying to log in with his username and password and is getting it locked out, how would I go about tracking this or where are the log files if any?

Thanks in advance.
1 Solution
The Security Event log normally logs attempted logins
Aztec ComputersCommented:
Has this user stored / remebered a previous password in their windows account? Often people check the box to remember a network password, then forget they have stored it, change their password, and then the network sends the old password over the network, generating an account lockout due to number of 'incorrect' password attempts.
Look for applications that store passwords and authenticate against the domain.  I had a user that had a corrupted profile and his outlook was trying to authenticate using his old password and ended up killing his profile and recreating it on the workstation and the issue went away.  Figured out it was his own system causing the issue using bmatumburas approach of looking at failed logon attempts on the domains controller security event log.

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now