Solved

GP Account Lockout, strange behaviour

Posted on 2014-02-06
9
302 Views
Last Modified: 2014-03-08
Hi all
I've enabled, on my domain (win srv 2008), the Account Lockout Policy.
I have a problem with only 1 user (in total they are 80, more or less).
He finds randomly his account locked, but he does not use a wrong password (at least, not 10 times as GP!). It happens 2-3 times every month.

In event viewer I cannot find anything regarding these locks

He uses:
- pc with Windows 7
- mac with parallels for a Windows 7 machine
- iPad
- iPhone

Any ideas?
Thx
0
Comment
Question by:ServiceAdvisory
  • 5
  • 3
9 Comments
 
LVL 6

Expert Comment

by:alexgreen312
Comment Utility
Go here

http://www.microsoft.com/en-gb/download/details.aspx?id=18465

Download the lockout tools, it will scan your domain controllers and you should be able to find where the account is locking out. Go to said computer and you'll probably find something like a scheduled task or the account logged on with an old password.
0
 

Author Comment

by:ServiceAdvisory
Comment Utility
nice tool, but from there I can see on which DC is locked (when he is): or I am using it in the wrong way?

I read that I should look for an event id 4740, but I cannot find it anywhere.
0
 
LVL 6

Expert Comment

by:alexgreen312
Comment Utility
If you open eventcombMT and then at the top click searches, built in searches, account lock outs :D
0
 

Author Comment

by:ServiceAdvisory
Comment Utility
ok, good
but no results here

Total events searched: 540396
Total matches found: 0
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 6

Expert Comment

by:alexgreen312
Comment Utility
:-(

Not sure then, it could be that he's actually just locking out his account by accident and doesn't want to admit it... :S

The other thing I would check is your current Security log size, if it's not large enough it'll only keep data for the day rather than historical data, you may need to change that so you have the logs to scan in the first place.

Regards

Alex
0
 
LVL 21

Expert Comment

by:Joseph Moody
Comment Utility
What is your account lockout threshold? Microsoft suggests keeping it at 10.
0
 

Author Comment

by:ServiceAdvisory
Comment Utility
Yes, the value is 10
Any other idea?
0
 

Accepted Solution

by:
ServiceAdvisory earned 0 total points
Comment Utility
no solution atm
any idea, or I can close?
0
 

Author Closing Comment

by:ServiceAdvisory
Comment Utility
no solution provided
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

I have been working as System Administrators since 2003. I recently started working as a FreeLancer and was amazed to find out that very few people are taking full advantage of their Windows Server Machines. Microsoft Windows Server comes with so…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now