I have a user who is constantly getting locked out of his account. He
claims that he isn't typing in a bad password 3 times (the lockout number)
but that it just suddenly happens. What is the best way to monitor his ID
to determine what and when the bad password attempts are happening? In
checking through the event logs on the BDC's I don't see anything, or else
I'm not recognizing it for what it is.
I am in an NT4 domain. We have multiple BDC's. The user is having this
problem when they log on locally to the network and also when RASing in.
They have 2 machines, a W2K and a Win98 machine that they use.
Any help is appreciated.
Marc
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
