Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 637
  • Last Modified:

account locks out every few seconds

hI, is there a way to trace the sysem pc hostname or ip address which create this lock outs. Is there a script for the job of tracking. So far event logs and auditing did not help.
0
Shankar3003
Asked:
Shankar3003
4 Solutions
 
ZombieAutopsyCommented:
there is a lockout account tool that you might be able to figure out what is causing it. 9 out of 10 times though there is a service somewhere using that account that has a wrong password or something.

give this a try though

http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
0
 
PaulJPCommented:
Try the Schedueld atask . I had that problem for months and foun a scheduled task with my old saved password in it!
0
 
Shankar3003Author Commented:
is there a script to tell where the source of lock out is occuring?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
techxpertsCommented:
enable all auditing?
0
 
Shankar3003Author Commented:
auditing is enabled i require a vbs script to tell which account is being locked and the machine name.
0
 
MidnightOneCommented:
If you haven't already, you'll need to turn on auditing for logon events.
When you're looking at the failed logon event, there's a line that reads Logon Type. The logon type varies depending on the service or method used to logon to the server. http://www.windowsecurity.com/articles/Logon-Types.html has a list of the type numbers and their sources.
0
 
Meir RivkinFull stack Software EngineerCommented:
the following script output if account is locked.
modify the domainname.

(http://www.unagibay.com/DesktopDefault.aspx?tabindex=1&tabid=100&itemid=1814)

strName = InputBox("user account (without the domain)")
Set obj = GetObject("WinNT://domainname/" & strName )
If obj.IsAccountLocked Then
      MsgBox strName & " is locked out."
Else
      MsgBox strName & " is NOT locked out."
End If

Set obj = Nothing

Open in new window

0
 
gheistCommented:
there is some service starting with old password.
check microsoft website for account lockout tools and analyze all DC logs...
0
 
Ron MalmsteadInformation Services ManagerCommented:
MIdnightOne has it....

Turn on auditing...
Review the security event log.
0
 
Ron MalmsteadInformation Services ManagerCommented:
MIdnightOne should have gotten points.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now