The most common cause forr this is the user is still logged on on another machine. This type of problem is easily solved if you've set the DBFlag for logon events for netlogon. Otherwise it is almost impossible to track in an environment with NT Desktops -- the event ends up in the event logs of the offending desktop, not the DC. In an environment with 9x desktops, this is still difficult to track, since the events can be in the logs of any DC, but are not centraliuzed. Debugging netlogon, solves all that, and is fairly easy -- only requiring a registry change on 2000 DCs.
Here are relevant articles -- http://support.microsoft.com/default.aspx?scid=kb;en-us;189541 http://support.microsoft.com/default.aspx?scid=kb;en-us;109626 Additionally, you will need to set up some method to recover the netlogon text files and to make certain the DCs hard drive doesn't get filled by them. -Patrick R. Sweeney http://boston.craigslist.org/bos/res/8484283.html ----- Original Message ----- From: "Johnny" <[EMAIL PROTECTED]> To: "NT 2000 Discussions" <[EMAIL PROTECTED]> Sent: Tuesday, February 25, 2003 9:34 AM Subject: Account lock outs > Hi, > > I have an account in a domain that keeps getting locked out every couple > of hours. The group policy for the domain says lock out the account after > 5 failed logon attempts. Of course this person is just sitting at her > desk. In her event logs I noticed that routinely she gets the message > security settings in the group policy object applied successfully > (paraphrasing there). I'm not sure if it is after the application of this > policy that she gets locked out. For testing, I bumped up the failed > login attempts to 20 and she wasn't locked out this morning. > > Is there anythingelse aside from failed login attempts that can lock out > and account? Is this a strong indicator that someone might be trying to > figure out her password or is that just paranoia talking? It only started > happening this past week. > > Any help would be appreciated. > > Thanks, > > John > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
