Solved

event id 40960

Posted on 2011-02-24
2
707 Views
Last Modified: 2012-08-13
the above one says someone else tried to logon as the user and hence the user is locked out. how can this be digged into, as to who and where the attempt was made from? what tools would be needed?

the user's computer is XP Pro and is on 2003 domain network.

thanks

0
Comment
Question by:anushahanna
2 Comments
 
LVL 5

Accepted Solution

by:
Chris-Vielife earned 500 total points
ID: 34971065
If you think it is some you can follow this below but I would recommend checking mapped drives that could be left with old credentials. Which is what I find to be a major cause of account lock outs in the company I work for.


---------------

You don't look at the local event log you have to look at the domain
controllers event log

Is the account logged into more than one machine or is it running a service
on the same machine? A user could have mapped drives to a resource from one
machine, on a different machine he changes his password and then the first
machine attempts to stay mapped to a drive and the password is no longer
correct and eventually locks the user out. Or after a password is changed a
service is running that attempts to authenticate with an old password.

To help try and track down where the account is getting locked out use
eventcombMT.exe from the Account Lockout tools found out Microsoft's
website. Use the built in search AccountLockouts and search in the created
text files for the user in question.

http://www.microsoft.com/downloads/d...displaylang=en

You can also set the debug flag on NetLogon to track authentication. "This
creates a text file on the PDC that can be examined to determine which
clients are generating the bad password attempts."
http://support.microsoft.com/kb/189541
http://support.microsoft.com/kb/109626

(Written by  Paul Bergson)


0
 
LVL 6

Author Comment

by:anushahanna
ID: 34973101
thanks Chris.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now