Fleetech
asked on
Windows user Account getting locked at random
Hi,
We have a user account which gets locked at random. Finding it hard to figure out what's causing this issue.
We kept the computer shut and it's still locking the account. We created the user profile on the local PC and re-added the Outlook account; still the same.
Seems like an invalid password is being used by some application on a different PC. Is there any way to trace this application or the PC which is sending the bad credentials?
We are on a Win2003 server AD environment with Win 2008 servers and WinXP and Win7 PCs.
I checked the Windows log tracing tool, which was hopeless. Can't trace anything in the event log either.
much appreciated.
There may be something in the Event logs on the DC. Don't overlook home machines and/or smart phones that may be set up to check for mail automatically. Also, it's possible someone knows the username but not the password and is trying to log in from outside and locking the account that way.
Look through the Event logs on the server to find the failed logon attempts and see where they are coming from.
I would first search in AL Tools to see on which DC the account was locked out. Then on that DC I would search for the user ID in the Security logs. There you can get a hint of where the bad password was attempted from: machine IP or hostname. On that particular system, do the checks described at the URL below:
http://technet.microsoft.com/en-us/library/cc773155(v=ws.10).aspx
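One way to run the search the answers above describe, as an added example that is not part of the original thread: it reads the account-lockout events from the Security log of every domain controller and tallies the caller machine names for one account. The account name `jsmith` and the 24-hour window are placeholders, and the message field layout is an assumption to confirm against an event on your own DCs.

```powershell
# Added example, not from the thread. Run from an admin workstation or a DC with
# rights to read the Security log. 'jsmith' is a placeholder account name.
param(
    [string]$UserName  = 'jsmith',
    [int]   $HoursBack = 24
)

# Lockout event IDs: 644 on Windows Server 2003 DCs, 4740 on Server 2008 and later.
$lockoutIds = 644, 4740
$since      = (Get-Date).AddHours(-$HoursBack)

# Every DC in the current domain. The lockout is logged on the DC that processed
# it, so all of them are queried rather than guessing which one.
$dcs = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers |
    ForEach-Object { $_.Name }

$hits = foreach ($dc in $dcs) {
    try {
        Get-EventLog -ComputerName $dc -LogName Security -InstanceId $lockoutIds `
                     -After $since -ErrorAction Stop |
            # Assumption: the first insertion string is the locked-out account name.
            Where-Object { $_.ReplacementStrings[0] -eq $UserName } |
            ForEach-Object {
                # 644 labels the source "Caller Machine Name", 4740 "Caller Computer Name".
                $caller = if ($_.Message -match 'Caller (Machine|Computer) Name:\s*(\S+)') {
                    $Matches[2]
                } else {
                    '(not recorded)'
                }
                New-Object PSObject -Property @{
                    Time   = $_.TimeGenerated
                    DC     = $dc
                    Caller = $caller
                }
            }
    } catch {
        # Unreachable DC, access denied, or no lockout events in the window.
        Write-Warning ("{0}: {1}" -f $dc, $_.Exception.Message)
    }
}

# Individual lockouts, newest first, then a count per source machine.
$hits | Sort-Object Time -Descending | Format-Table Time, DC, Caller -AutoSize
$hits | Group-Object Caller | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize
```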
ASKER
It was a printer that had the wrong credentials. Now as administrators we have to check not only mobile devices and webmail, but network printers too. Thanks