Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 721
  • Last Modified:

event id 40960

the above one says someone else tried to logon as the user and hence the user is locked out. how can this be digged into, as to who and where the attempt was made from? what tools would be needed?

the user's computer is XP Pro and is on 2003 domain network.

thanks

0
anushahanna
Asked:
anushahanna
1 Solution
 
Christopher WhiteSenior EngineerCommented:
If you think it is some you can follow this below but I would recommend checking mapped drives that could be left with old credentials. Which is what I find to be a major cause of account lock outs in the company I work for.


---------------

You don't look at the local event log you have to look at the domain
controllers event log

Is the account logged into more than one machine or is it running a service
on the same machine? A user could have mapped drives to a resource from one
machine, on a different machine he changes his password and then the first
machine attempts to stay mapped to a drive and the password is no longer
correct and eventually locks the user out. Or after a password is changed a
service is running that attempts to authenticate with an old password.

To help try and track down where the account is getting locked out use
eventcombMT.exe from the Account Lockout tools found out Microsoft's
website. Use the built in search AccountLockouts and search in the created
text files for the user in question.

http://www.microsoft.com/downloads/d...displaylang=en

You can also set the debug flag on NetLogon to track authentication. "This
creates a text file on the PDC that can be examined to determine which
clients are generating the bad password attempts."
http://support.microsoft.com/kb/189541
http://support.microsoft.com/kb/109626

(Written by  Paul Bergson)


0
 
anushahannaAuthor Commented:
thanks Chris.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now