Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

account locks out every few seconds

Posted on 2010-08-13
14
Medium Priority
?
633 Views
Last Modified: 2013-11-08
hI, is there a way to trace the sysem pc hostname or ip address which create this lock outs. Is there a script for the job of tracking. So far event logs and auditing did not help.
0
Comment
Question by:Shankar3003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 
LVL 8

Expert Comment

by:ZombieAutopsy
ID: 33431437
there is a lockout account tool that you might be able to figure out what is causing it. 9 out of 10 times though there is a service somewhere using that account that has a wrong password or something.

give this a try though

http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
0
 
LVL 1

Expert Comment

by:PaulJP
ID: 33431672
Try the Schedueld atask . I had that problem for months and foun a scheduled task with my old saved password in it!
0
 

Author Comment

by:Shankar3003
ID: 33435156
is there a script to tell where the source of lock out is occuring?
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 2

Expert Comment

by:techxperts
ID: 33455892
enable all auditing?
0
 

Author Comment

by:Shankar3003
ID: 33460774
auditing is enabled i require a vbs script to tell which account is being locked and the machine name.
0
 
LVL 26

Accepted Solution

by:
MidnightOne earned 1100 total points
ID: 33463402
If you haven't already, you'll need to turn on auditing for logon events.
When you're looking at the failed logon event, there's a line that reads Logon Type. The logon type varies depending on the service or method used to logon to the server. http://www.windowsecurity.com/articles/Logon-Types.html has a list of the type numbers and their sources.
0
 
LVL 42

Assisted Solution

by:sedgwick
sedgwick earned 300 total points
ID: 33463429
the following script output if account is locked.
modify the domainname.

(http://www.unagibay.com/DesktopDefault.aspx?tabindex=1&tabid=100&itemid=1814)

strName = InputBox("user account (without the domain)")
Set obj = GetObject("WinNT://domainname/" & strName )
If obj.IsAccountLocked Then
      MsgBox strName & " is locked out."
Else
      MsgBox strName & " is NOT locked out."
End If

Set obj = Nothing

Open in new window

0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 300 total points
ID: 33464554
there is some service starting with old password.
check microsoft website for account lockout tools and analyze all DC logs...
0
 
LVL 25

Assisted Solution

by:Ron Malmstead
Ron Malmstead earned 300 total points
ID: 33465638
MIdnightOne has it....

Turn on auditing...
Review the security event log.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 33573341
MIdnightOne should have gotten points.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question