or PowerShell with Quest Active Directory cmdlets.

PS:> Get-QADUser -Locked -SizeLimit 0

Some options to play with

PS:> $a = Get-QADUser -Locked -SizeLimit 0
PS:> $a.count     (this will get you a count)
PS:> $a | select DisplayName, Logonname
PS:> $a | ft DisplayName, Logonname, CanonicalName -AutoSize
PS:> $a | Unlock-QADUser

Steven

On Fri, Nov 20, 2009 at 1:47 PM, Kent, Larry CTR USA <[email protected]> wrote:
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> Or set up this query in ADU&C, somewhat useful...
>
> http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/ActiveDirectory/FindAllLocked-OutAccounts.html
>
> From: Greg Olson [mailto:[email protected]]
> Sent: Friday, November 20, 2009 2:33 PM
> To: NT System Admin Issues
> Subject: RE: Conficker Help!
>
> Go grab the trial version of NetWrix Account lockout Examiner:
>
> http://www.netwrix.com
>
> It will monitor your domain controllers and look for lockouts and report
> what machine they're coming from.
>
> From: Orland, Kathleen [mailto:[email protected]]
> Sent: Friday, November 20, 2009 6:08 AM
> To: NT System Admin Issues
> Subject: Re: Conficker Help!
>
> That's what I did with my Conficker hit earlier this year. Also, in spite of
> the fact it looked as though everyone was infected and popping up virus
> alerts, we really only had one infected laptop. McAfee (not my choice to run)
> was popping up alerts on every PC every time the one infected PC tried to
> use a bad password. I was able to determine a lot from checking 1) bad
> password attempts 2) McAfee logs.
>
> ----- Original Message -----
> From: Mayo, Bill
> To: NT System Admin Issues
> Sent: Friday, November 20, 2009 8:41 AM
> Subject: RE: Conficker Help!
>
> Look for multiple bad password attempts coming from the same source.
>
> ________________________________
> From: Kelsey, John [mailto:[email protected]]
> Sent: Friday, November 20, 2009 8:34 AM
> To: NT System Admin Issues
> Subject: Conficker Help!
>
> Looks like we're getting hit by the Conficker this morning. Sophos is
> reporting several hundred 'conficker detected/cleaned' messages, so at least
> it's catching it...BUT....how do I determine the source of the infection?
> Something I can look for with wireshark or something? Apparently there are
> some unprotected machines on the network.
>
> Any suggestions are welcome!
>
> *******************************
> John C. Kelsey
> DuBois Regional Medical Center
> (: 814.375.3073
> 2 : 814.375.4005
> *: [email protected]
> *******************************
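
The suggestion quoted above, to look for multiple bad password attempts coming from the same source, sketched in PowerShell as an added example that is not code from anyone in the thread. The function names, the threshold of 5, and the sample accounts and addresses are assumptions made up for illustration; the converter assumes Security event 4625 (failed logon on Windows Vista/Server 2008 and later) with its TargetUserName and IpAddress fields.

```powershell
# Added example. Records, account names and addresses below are constructed.

function ConvertFrom-FailedLogonEvent {
    # Flatten a Get-WinEvent record for event 4625 into the fields used below.
    param([Parameter(ValueFromPipeline = $true)] $Record)
    process {
        $data = @{}
        foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            TimeCreated = $Record.TimeCreated
            Account     = $data['TargetUserName']
            Source      = $data['IpAddress']
        }
    }
}

function Get-BadPasswordSource {
    # Group failures by source and report sources at or above the threshold.
    param([object[]] $Failure, [int] $MinFailures = 5)
    $Failure | Group-Object -Property Source | ForEach-Object {
        $byTime = @($_.Group | Sort-Object -Property TimeCreated)
        [pscustomobject]@{
            Source   = $_.Name
            Failures = $_.Count
            Accounts = @($_.Group | ForEach-Object { $_.Account } | Sort-Object -Unique).Count
            First    = $byTime[0].TimeCreated
            Last     = $byTime[-1].TimeCreated
        }
    } | Where-Object { $_.Failures -ge $MinFailures } |
        Sort-Object -Property Failures -Descending
}

# Constructed sample: one host failing against six accounts, one user mistyping twice.
$t0 = [datetime]'2009-11-20T08:00:00'
$names = 'adavis', 'bjones', 'cwu', 'dlee', 'administrator', 'evargas'
$sample = @(for ($i = 0; $i -lt $names.Count; $i++) {
    [pscustomobject]@{ TimeCreated = $t0.AddSeconds(2 * $i); Account = $names[$i]; Source = '10.0.0.57' }
})
$sample += [pscustomobject]@{ TimeCreated = $t0.AddMinutes(3); Account = 'bjones'; Source = '10.0.0.12' }
$sample += [pscustomobject]@{ TimeCreated = $t0.AddMinutes(4); Account = 'bjones'; Source = '10.0.0.12' }

Get-BadPasswordSource -Failure $sample | Format-Table -AutoSize

# Live use (assumption: run on a machine that logs 4625, with Security log read rights):
# $f = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } |
#        ConvertFrom-FailedLogonEvent)
# Get-BadPasswordSource -Failure $f
```

A single source with many failures spread across many distinct accounts is the pattern to chase first; a source with a couple of failures against one account is usually a mistyped password.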
