Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1309
  • Last Modified:

Windows user Account getting locked at random

Hi,
We have a user account which gets locked at random. finding it hard to figure out whats causing this issue.
We kept the computer shut and its still locking the account.  we created the user profile on the local pc, re added the outlook account still the same.

seems like a invalid password is been used by some application on a different pc. is there any way to trace this application or the pc which sending the bad credentials?

we are on win2003 server AD enviroment with win 2008 servers and winxp and win7 pcs.
I checked windows log tracing tool which was hopeless. cant trace anything on even log either.

much appreciated.
0
Fleetech
Asked:
Fleetech
1 Solution
 
Paul MacDonaldDirector, Information SystemsCommented:
There may be something in the Event logs on the DC.  Don't overlook home machines and/or smart phones that may be set up to check for mail automatically.  Also, it's possible someone knows the username but not the password and is trying to log in from outside and locking the account that way.
0
 
Seaton007Commented:
Look through the Event logs on the server to find the failed logon attempts and see where they are coming from.
0
 
mo_patelCommented:
download Account lockout manager from netwrix free 30 day trial

and also MS account lockout status , these two will help give more info to find whats happening.
0
 
SandeepSr System AdministratorCommented:
I would search first in AL Tools from which DC Account has locked out. Then on DC I will do search for the User ID in Security Logs. There you can get hint from where the bad password has been attempted Machine IP or Hostname. On that particular system do the Checks as below URL

http://technet.microsoft.com/en-us/library/cc773155(v=ws.10).aspx
0
 
FleetechAuthor Commented:
It was a Printer that had the wrong credentials.  Now as Administrators we have to check not only mobile devices and webmail.Network Printers too. Thanks
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now