I have a user that every time he logs in he is locked out. I assume someone is trying to log in with his username and password and is getting it locked out, how would I go about tracking this or where are the log files if any?

Thanks in advance.
Who is Participating?
bmatumburaConnect With a Mentor Commented:
The Security Event log normally logs attempted logins
Aztec ComputersCommented:
Has this user stored / remebered a previous password in their windows account? Often people check the box to remember a network password, then forget they have stored it, change their password, and then the network sends the old password over the network, generating an account lockout due to number of 'incorrect' password attempts.
Look for applications that store passwords and authenticate against the domain.  I had a user that had a corrupted profile and his outlook was trying to authenticate using his old password and ended up killing his profile and recreating it on the workstation and the issue went away.  Figured out it was his own system causing the issue using bmatumburas approach of looking at failed logon attempts on the domains controller security event log.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.