Solved

account locks out every few seconds

Posted on 2010-08-13
14
631 Views
Last Modified: 2013-11-08
hI, is there a way to trace the sysem pc hostname or ip address which create this lock outs. Is there a script for the job of tracking. So far event logs and auditing did not help.
0
Comment
Question by:Shankar3003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 
LVL 8

Expert Comment

by:ZombieAutopsy
ID: 33431437
there is a lockout account tool that you might be able to figure out what is causing it. 9 out of 10 times though there is a service somewhere using that account that has a wrong password or something.

give this a try though

http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
0
 
LVL 1

Expert Comment

by:PaulJP
ID: 33431672
Try the Schedueld atask . I had that problem for months and foun a scheduled task with my old saved password in it!
0
 

Author Comment

by:Shankar3003
ID: 33435156
is there a script to tell where the source of lock out is occuring?
0
Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

 
LVL 2

Expert Comment

by:techxperts
ID: 33455892
enable all auditing?
0
 

Author Comment

by:Shankar3003
ID: 33460774
auditing is enabled i require a vbs script to tell which account is being locked and the machine name.
0
 
LVL 26

Accepted Solution

by:
MidnightOne earned 275 total points
ID: 33463402
If you haven't already, you'll need to turn on auditing for logon events.
When you're looking at the failed logon event, there's a line that reads Logon Type. The logon type varies depending on the service or method used to logon to the server. http://www.windowsecurity.com/articles/Logon-Types.html has a list of the type numbers and their sources.
0
 
LVL 42

Assisted Solution

by:sedgwick
sedgwick earned 75 total points
ID: 33463429
the following script output if account is locked.
modify the domainname.

(http://www.unagibay.com/DesktopDefault.aspx?tabindex=1&tabid=100&itemid=1814)

strName = InputBox("user account (without the domain)")
Set obj = GetObject("WinNT://domainname/" & strName )
If obj.IsAccountLocked Then
      MsgBox strName & " is locked out."
Else
      MsgBox strName & " is NOT locked out."
End If

Set obj = Nothing

Open in new window

0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 75 total points
ID: 33464554
there is some service starting with old password.
check microsoft website for account lockout tools and analyze all DC logs...
0
 
LVL 25

Assisted Solution

by:Ron Malmstead
Ron Malmstead earned 75 total points
ID: 33465638
MIdnightOne has it....

Turn on auditing...
Review the security event log.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 33573341
MIdnightOne should have gotten points.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question