Re: Account Lockout
From: Ryan Hanisco (rhanisco_at_flagshipis.com)
Date: 11/30/04
- Next message: Sam Ramsey: "Terminal Emulation"
- Previous message: Ken B: "Re: smtp address aditional"
- In reply to: kmkrause2: "Account Lockout"
- Next in thread: kmkrause2: "Re: Account Lockout"
- Reply: kmkrause2: "Re: Account Lockout"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 30 Nov 2004 14:49:39 -0600
If you think it is an issue where there is a repeated failed logon, you can
see this if you turn on auditing of domain logons. In general, you should
have this on for both Failure and Success as it will alert you to a number
of potential problems/ threats.
Do this via a GPO and watch for failed logon attempts. Other than that, you
can go into more detailed auditing looking for changes to accounts, but this
will probably be unnecessary if you think this is just due to failed
attempts.
-- Ryan Hanisco MCSE, MCDBA Flagship Integration Services "kmkrause2" <kmkrause2@discussions.microsoft.com> wrote in message news:141C30B6-8375-4D7E-B0A9-60A23A961839@microsoft.com... > Is there a utility that can be used to determine where a particular account > is getting locked out from. I have a user's account that is getting locked > out periodically. Most likely it's due to some service attempting to log in > under that users' account. The account has been getting locked out from time > to time since his last password change. > > I don't want to have to search the security event logs from all the > computers and servers on our network. Is there an easier way? > > TIA, > Ken
- Next message: Sam Ramsey: "Terminal Emulation"
- Previous message: Ken B: "Re: smtp address aditional"
- In reply to: kmkrause2: "Account Lockout"
- Next in thread: kmkrause2: "Re: Account Lockout"
- Reply: kmkrause2: "Re: Account Lockout"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
