Solved

account locks out every few seconds

Posted on 2010-08-13
14
627 Views
Last Modified: 2013-11-08
hI, is there a way to trace the sysem pc hostname or ip address which create this lock outs. Is there a script for the job of tracking. So far event logs and auditing did not help.
0
Comment
Question by:Shankar3003
14 Comments
 
LVL 8

Expert Comment

by:ZombieAutopsy
ID: 33431437
there is a lockout account tool that you might be able to figure out what is causing it. 9 out of 10 times though there is a service somewhere using that account that has a wrong password or something.

give this a try though

http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
0
 
LVL 1

Expert Comment

by:PaulJP
ID: 33431672
Try the Schedueld atask . I had that problem for months and foun a scheduled task with my old saved password in it!
0
 

Author Comment

by:Shankar3003
ID: 33435156
is there a script to tell where the source of lock out is occuring?
0
 
LVL 2

Expert Comment

by:techxperts
ID: 33455892
enable all auditing?
0
 

Author Comment

by:Shankar3003
ID: 33460774
auditing is enabled i require a vbs script to tell which account is being locked and the machine name.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 26

Accepted Solution

by:
MidnightOne earned 275 total points
ID: 33463402
If you haven't already, you'll need to turn on auditing for logon events.
When you're looking at the failed logon event, there's a line that reads Logon Type. The logon type varies depending on the service or method used to logon to the server. http://www.windowsecurity.com/articles/Logon-Types.html has a list of the type numbers and their sources.
0
 
LVL 42

Assisted Solution

by:sedgwick
sedgwick earned 75 total points
ID: 33463429
the following script output if account is locked.
modify the domainname.

(http://www.unagibay.com/DesktopDefault.aspx?tabindex=1&tabid=100&itemid=1814)

strName = InputBox("user account (without the domain)")
Set obj = GetObject("WinNT://domainname/" & strName )
If obj.IsAccountLocked Then
      MsgBox strName & " is locked out."
Else
      MsgBox strName & " is NOT locked out."
End If

Set obj = Nothing

Open in new window

0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 75 total points
ID: 33464554
there is some service starting with old password.
check microsoft website for account lockout tools and analyze all DC logs...
0
 
LVL 25

Assisted Solution

by:Ron M
Ron M earned 75 total points
ID: 33465638
MIdnightOne has it....

Turn on auditing...
Review the security event log.
0
 
LVL 25

Expert Comment

by:Ron M
ID: 33573341
MIdnightOne should have gotten points.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now