Solved

GP Account Lockout, strange behaviour

Posted on 2014-02-06
9
310 Views
Last Modified: 2014-03-08
Hi all
I've enabled, on my domain (win srv 2008), the Account Lockout Policy.
I have a problem with only 1 user (in total they are 80, more or less).
He finds randomly his account locked, but he does not use a wrong password (at least, not 10 times as GP!). It happens 2-3 times every month.

In event viewer I cannot find anything regarding these locks

He uses:
- pc with Windows 7
- mac with parallels for a Windows 7 machine
- iPad
- iPhone

Any ideas?
Thx
0
Comment
Question by:ServiceAdvisory
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 12

Expert Comment

by:Alex Green
ID: 39838501
Go here

http://www.microsoft.com/en-gb/download/details.aspx?id=18465

Download the lockout tools, it will scan your domain controllers and you should be able to find where the account is locking out. Go to said computer and you'll probably find something like a scheduled task or the account logged on with an old password.
0
 

Author Comment

by:ServiceAdvisory
ID: 39838528
nice tool, but from there I can see on which DC is locked (when he is): or I am using it in the wrong way?

I read that I should look for an event id 4740, but I cannot find it anywhere.
0
 
LVL 12

Expert Comment

by:Alex Green
ID: 39838532
If you open eventcombMT and then at the top click searches, built in searches, account lock outs :D
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 

Author Comment

by:ServiceAdvisory
ID: 39838546
ok, good
but no results here

Total events searched: 540396
Total matches found: 0
0
 
LVL 12

Expert Comment

by:Alex Green
ID: 39838558
:-(

Not sure then, it could be that he's actually just locking out his account by accident and doesn't want to admit it... :S

The other thing I would check is your current Security log size, if it's not large enough it'll only keep data for the day rather than historical data, you may need to change that so you have the logs to scan in the first place.

Regards

Alex
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 39838667
What is your account lockout threshold? Microsoft suggests keeping it at 10.
0
 

Author Comment

by:ServiceAdvisory
ID: 39846620
Yes, the value is 10
Any other idea?
0
 

Accepted Solution

by:
ServiceAdvisory earned 0 total points
ID: 39876333
no solution atm
any idea, or I can close?
0
 

Author Closing Comment

by:ServiceAdvisory
ID: 39914417
no solution provided
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question