Solved

account locks out every few seconds

Posted on 2010-08-13
14
632 Views
Last Modified: 2013-11-08
hI, is there a way to trace the sysem pc hostname or ip address which create this lock outs. Is there a script for the job of tracking. So far event logs and auditing did not help.
0
Comment
Question by:Shankar3003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 
LVL 8

Expert Comment

by:ZombieAutopsy
ID: 33431437
there is a lockout account tool that you might be able to figure out what is causing it. 9 out of 10 times though there is a service somewhere using that account that has a wrong password or something.

give this a try though

http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
0
 
LVL 1

Expert Comment

by:PaulJP
ID: 33431672
Try the Schedueld atask . I had that problem for months and foun a scheduled task with my old saved password in it!
0
 

Author Comment

by:Shankar3003
ID: 33435156
is there a script to tell where the source of lock out is occuring?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 2

Expert Comment

by:techxperts
ID: 33455892
enable all auditing?
0
 

Author Comment

by:Shankar3003
ID: 33460774
auditing is enabled i require a vbs script to tell which account is being locked and the machine name.
0
 
LVL 26

Accepted Solution

by:
MidnightOne earned 275 total points
ID: 33463402
If you haven't already, you'll need to turn on auditing for logon events.
When you're looking at the failed logon event, there's a line that reads Logon Type. The logon type varies depending on the service or method used to logon to the server. http://www.windowsecurity.com/articles/Logon-Types.html has a list of the type numbers and their sources.
0
 
LVL 42

Assisted Solution

by:sedgwick
sedgwick earned 75 total points
ID: 33463429
the following script output if account is locked.
modify the domainname.

(http://www.unagibay.com/DesktopDefault.aspx?tabindex=1&tabid=100&itemid=1814)

strName = InputBox("user account (without the domain)")
Set obj = GetObject("WinNT://domainname/" & strName )
If obj.IsAccountLocked Then
      MsgBox strName & " is locked out."
Else
      MsgBox strName & " is NOT locked out."
End If

Set obj = Nothing

Open in new window

0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 75 total points
ID: 33464554
there is some service starting with old password.
check microsoft website for account lockout tools and analyze all DC logs...
0
 
LVL 25

Assisted Solution

by:Ron Malmstead
Ron Malmstead earned 75 total points
ID: 33465638
MIdnightOne has it....

Turn on auditing...
Review the security event log.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 33573341
MIdnightOne should have gotten points.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question