I believe if you search the security log for event 644 on the DCs you will find out where the domain account is being locked out from. Works for us.

Bob

-----Original Message-----
From: Malcolm Reitz [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 26, 2003 11:03 AM
To: NT 2000 Discussions
Subject: RE: Account lock outs

The easiest way is to ask the user :) You can also use various tools, such as PSLOGGEDON from www.sysinternals.com, to search for the user's ID coming from another PC.

Malcolm

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 25, 2003 8:40 AM
To: NT 2000 Discussions
Subject: RE: Account lock outs

How can you check that, Malcolm?

-----Original Message-----
From: Malcolm Reitz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 25, 2003 15:38
To: NT 2000 Discussions
Subject: RE: Account lock outs

Have you confirmed that the user is not logged on to another computer besides the one at her desk?

Malcolm

-----Original Message-----
From: Johnny [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 25, 2003 8:34 AM
To: NT 2000 Discussions
Subject: Account lock outs

Hi,

I have an account in a domain that keeps getting locked out every couple of hours. The group policy for the domain says lock out the account after 5 failed logon attempts. Of course this person is just sitting at her desk. In her event logs I noticed that routinely she gets the message security settings in the group policy object applied successfully (paraphrasing there). I'm not sure if it is after the application of this policy that she gets locked out. For testing, I bumped up the failed login attempts to 20 and she wasn't locked out this morning.

Is there anything else aside from failed login attempts that can lock out an account? Is this a strong indicator that someone might be trying to figure out her password or is that just paranoia talking? It only started happening this past week.

Any help would be appreciated.
Thanks,
John

------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to %%email.unsub%%
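Added example, not part of the original thread: one way to act on the event 644 suggestion is to export the Security logs from every DC and count which machine each lockout of the account came from. The pipe-separated export format, the field layout of the 644 description, and all account, machine and DC names below are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample export: DC | timestamp | event ID | description.
# The "Target Account Name" / "Caller Machine Name" field layout of the
# event 644 text is assumed; every name and time here is made up.
SAMPLE_EXPORT = """\
DC01|2003-02-25 08:12:41|644|User Account Locked Out: Target Account Name: jdoe Caller Machine Name: WKS-204 Caller User Name: DC01$
DC02|2003-02-25 10:31:07|644|User Account Locked Out: Target Account Name: jdoe Caller Machine Name: WKS-204 Caller User Name: DC02$
DC01|2003-02-25 10:40:00|642|User Account Changed: Target Account Name: jdoe Caller User Name: admin1
DC01|2003-02-25 13:02:55|644|User Account Locked Out: Target Account Name: JDoe Caller Machine Name: SRV-MAIL Caller User Name: DC01$
DC02|2003-02-26 07:58:19|644|User Account Locked Out: Target Account Name: jdoe Caller Machine Name: WKS-204 Caller User Name: DC02$
DC01|2003-02-26 09:00:00|644|User Account Locked Out: Target Account Name: asmith Caller Machine Name: Caller User Name: DC01$
"""

FIELDS = re.compile(
    r"Target Account Name:\s*(?P<account>\S+).*?"
    r"Caller Machine Name:\s*(?P<caller>.*?)\s*Caller User Name:")

def parse_lockouts(export_text):
    """Return one dict per event 644 line; other event IDs are skipped."""
    events = []
    for line in export_text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4 or parts[2].strip() != "644":
            continue
        m = FIELDS.search(parts[3])
        if not m:
            continue  # malformed description, nothing to attribute
        events.append({
            "dc": parts[0].strip(),
            "when": parts[1].strip(),
            "account": m["account"].lower(),           # names are case-insensitive
            "caller": m["caller"].upper() or "(blank)",  # caller field can be empty
        })
    return events

def lockout_sources(export_text, account):
    """Count lockouts of one account per caller machine, across all DCs."""
    return Counter(e["caller"] for e in parse_lockouts(export_text)
                   if e["account"] == account.lower())

if __name__ == "__main__":
    for caller, n in lockout_sources(SAMPLE_EXPORT, "jdoe").most_common():
        print(f"{caller}: {n} lockout(s)")
```

A machine that dominates the count is the first place to look for a stale session, mapped drive or service still using the old password.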
