Try this... http://support.microsoft.com/kb/182918
Windows NT generates an account lockout event (Event ID: 539) on the workstation where the failed logon attempts occurred if the audit policy on that workstation enables auditing of failed logon/logoff events. However, no event is logged at the domain controller. Administrators must search the event logs of all client systems to locate the computer where the bad password attempts originated. Cheers, Matt Duguid Systems Engineer for Identity Services Department of Internal Affairs Phone: +64 4 4748028 (wellington) Mobile: +64 21 1713290 Fax: +64 4 4748894 Address: Level 4, 47 Boulcott Street, Wellington CBD E-mail: [EMAIL PROTECTED] Web: http://www.dia.govt.nz/ |---------+----------------------------------> | | | | | | | | | | | "Salandra, Justin A." | | | <[EMAIL PROTECTED]| | | > | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org | | | | | | | | | 19/12/2006 08:34 a.m. | | | Please respond to | | | ActiveDir | | | | |---------+----------------------------------> >--------------------------------------------------------------------------------------------------------------| | | | To: <[email protected]> | | cc: | | Subject: [ActiveDir] Strange Lock Out Issue | >--------------------------------------------------------------------------------------------------------------| I have a user, who is not logged in anywhere else, and while surfing the web or access a program is getting locked out of her account for no reason. I have checked the logs on all three domain controllers and nothing is showing a failed logon attempt or bad password. It doesn’t even show when the account got locked. Any ideas on how to rectify this? Justin A. Salandra MCSE Windows 2000 & 2003 Network and Technology Services Manager Catholic Healthcare System 646.505.3681 - office 917.455.0110 - cell [EMAIL PROTECTED]
