Can't find out why my account is getting locked out

[craigt35]

We're running a Windows 2000 network. All Win2K Pro desktops and Win2K
servers. Less than a month ago, my account started getting locked out
a few times a day. Checking the security logs on our DCs, mail server,
and a couple other servers, the only time it shows my account having a
failure audit is when I try to connect to a network drive or our
intranet and it says my account has been disabled. It tends to be
first thing in the morning, as well as randomly throughout the day.
What am I missing? Why does my account keep getting locked out? I
would think that even if it was someone trying to log into my web
access email from offsite, it would show an audit failure, wouldn't it?
But I'm not finding anything. Anyone have any thoughts on something I
could try? Thanks.

tc

 

[Herb Martin]

We're running a Windows 2000 network. All Win2K Pro desktops and Win2K
servers. Less than a month ago, my account started getting locked out
a few times a day. Checking the security logs on our DCs, mail server,
and a couple other servers, the only time it shows my account having a
failure audit is when I try to connect to a network drive or our
intranet and it says my account has been disabled. It tends to be
first thing in the morning, as well as randomly throughout the day.
What am I missing? Why does my account keep getting locked out? I
would think that even if it was someone trying to log into my web
access email from offsite, it would show an audit failure, wouldn't it?

If you have Account Logon auditing enabled, it will.

You never actually indicated if you had enabled Account Logon auditing for
failures.

If not, then do so. Then check each DC (any DC can fail you
and log the failure.)

But I'm not finding anything. Anyone have any thoughts on something I
could try? Thanks.

Chances are it's some batch file, with a hardcoded (and wrong) password,
that is retrying and hitting your thresholds for lockout.

 

[Paul Bergson]

Herb is right on, on the account logged on in multiple places.


Download the tools linked below and there is a tool to scan your dc's event
logs for account logon failers.

http://www.microsoft.com/downloads/...familyid=7af2e69c-91f3-4e63-8629-b999adde0b9e

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

We're running a Windows 2000 network. All Win2K Pro desktops and Win2K
servers. Less than a month ago, my account started getting locked out
a few times a day. Checking the security logs on our DCs, mail server,
and a couple other servers, the only time it shows my account having a
failure audit is when I try to connect to a network drive or our
intranet and it says my account has been disabled. It tends to be
first thing in the morning, as well as randomly throughout the day.
What am I missing? Why does my account keep getting locked out? I
would think that even if it was someone trying to log into my web
access email from offsite, it would show an audit failure, wouldn't it?

If you have Account Logon auditing enabled, it will.

You never actually indicated if you had enabled Account Logon auditing for
failures.

If not, then do so. Then check each DC (any DC can fail you
and log the failure.)

But I'm not finding anything. Anyone have any thoughts on something I
could try? Thanks.

Chances are it's some batch file, with a hardcoded (and wrong) password,
that is retrying and hitting your thresholds for lockout.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

tc