Account Lockouts

I am facing so many account locks out in our organization. We have got script which notify us which computer/user locking out and we remove credentials from Credentials Manager and it still trying to lockout on same device.

Any known solution for this, please?

Many thanks in advance.
M JIT Support EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

M JIT Support EngineerAuthor Commented:
@robin - Thanks for that. However these all article telling same thing, which is - how to find source of account lockouts, which is something we already have in place and works amazingly great. We also get notification. Problem is even after clearing credential manager, it still keep coming and coming from multiple sources. Cheers
Naveen SharmaCommented:
Check the security logs on your domain controllers. This may be due to scheduled task, services or applications. Also, check the IIS logs on the Exchange server that corresponds to the connection (Outlook Anywhere, Active Sync, EWS, etc).

Could also have your password stored under the System password vault:

Check below articles:

Active Directory: Troubleshooting Frequent Account Lockout:

How to track and troubleshoot User Account Lockouts with LepideAuditor:
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Shaun VermaakTechnical SpecialistCommented:
Problem is even after clearing credential manager, it still keep coming and coming from multiple sources.
Lockout policy to low? I do not think you are addressing the cause. I would for example disable credential store if it gives me a headache
M JIT Support EngineerAuthor Commented:
Thanks guys.

@Naveen - We have setup where automatically knows which user locking out from which machine. So finding the source is not problem.
@ Shaun - Thanks for your advice, we would like to keep password in credential manager, otherwise user has to enter password for every portal every time.
Shaun VermaakTechnical SpecialistCommented:
And lockout count? What is it currently set to?
M JIT Support EngineerAuthor Commented:
Thanks again, problem was resolved by finding locking out computer and ending user session from source computer.
after finding source computer

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Shaun VermaakTechnical SpecialistCommented:
If you are happy, so am I. Just remember that causing helpdesk nightmare is not the purpose of lockout policy
M JIT Support EngineerAuthor Commented:
There were no answer to question by anyone else. I found source computer and then found application causing it. Removing password form Credentials manger helped.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.