account locks out every few seconds

hI, is there a way to trace the sysem pc hostname or ip address which create this lock outs. Is there a script for the job of tracking. So far event logs and auditing did not help.
Shankar3003Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ZombieAutopsyCommented:
there is a lockout account tool that you might be able to figure out what is causing it. 9 out of 10 times though there is a service somewhere using that account that has a wrong password or something.

give this a try though

http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
0
PaulJPCommented:
Try the Schedueld atask . I had that problem for months and foun a scheduled task with my old saved password in it!
0
Shankar3003Author Commented:
is there a script to tell where the source of lock out is occuring?
0
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

techxpertsCommented:
enable all auditing?
0
Shankar3003Author Commented:
auditing is enabled i require a vbs script to tell which account is being locked and the machine name.
0
MidnightOneCommented:
If you haven't already, you'll need to turn on auditing for logon events.
When you're looking at the failed logon event, there's a line that reads Logon Type. The logon type varies depending on the service or method used to logon to the server. http://www.windowsecurity.com/articles/Logon-Types.html has a list of the type numbers and their sources.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Meir RivkinFull stack Software EngineerCommented:
the following script output if account is locked.
modify the domainname.

(http://www.unagibay.com/DesktopDefault.aspx?tabindex=1&tabid=100&itemid=1814)

strName = InputBox("user account (without the domain)")
Set obj = GetObject("WinNT://domainname/" & strName )
If obj.IsAccountLocked Then
      MsgBox strName & " is locked out."
Else
      MsgBox strName & " is NOT locked out."
End If

Set obj = Nothing

Open in new window

0
gheistCommented:
there is some service starting with old password.
check microsoft website for account lockout tools and analyze all DC logs...
0
Ron MalmsteadInformation Services ManagerCommented:
MIdnightOne has it....

Turn on auditing...
Review the security event log.
0
Ron MalmsteadInformation Services ManagerCommented:
MIdnightOne should have gotten points.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
System Utilities

From novice to tech pro — start learning today.