You can also use aloinfo.exe to determine possibly where the account lockout is coming from.
Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 -----Original Message----- From: Tim Evans [mailto:[EMAIL PROTECTED] Sent: Thursday, May 15, 2008 1:14 PM To: NT System Admin Issues Subject: RE: account lockout Thanks, I'll have our DBA give that a try and let you know how it goes. Is it correct that these failed logons wouldn't show up in the DC's security logs if I'm auditing logon failures? ...Tim From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Thursday, May 15, 2008 9:55 AM To: NT System Admin Issues Subject: Re: account lockout Run a SQL profiler trace and audit log on's for that account. You can even audit log on failures. This should give you the process that is screwing you up. ----- Original Message ----- From: Tim Evans <mailto:[EMAIL PROTECTED]> To: NT System Admin Issues <mailto:[email protected]> Sent: Thursday, May 15, 2008 12:49 PM Subject: RE: account lockout BTW, Its Windows 2003 server Forest and Domain functional level ...Tim From: Tim Evans [mailto:[EMAIL PROTECTED] Sent: Thursday, May 15, 2008 9:45 AM To: NT System Admin Issues Subject: account lockout We've got a domain service account that is repeatedly getting locked out, but I'm not getting any 644 or 529 events in the DC security logs for that account. I've also run the built in Account Lockouts search in EventCombNT and come up empty. I'm pretty sure it is some kind of a scheduled job that is doing it, but finding it is proving challenging. If it helps any, it's a SQL Server service account and it runs many SQL queries. Any ideas how I can find what is locking out this account? Tim Evans Associate, IT Manager S P A R L I N G 206/667-0509-Direct www.sparling.com <http://www.sparling.com> ______________________________________________________ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
