Hi Patrick
Refer to the following document which will assist in tracking down the
issue:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
You can get the tools from:
http://www.microsoft.com/downloads/...9C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
In short, you can use LockoutStatus.exe to find which DC(s) the bad attempts
are being logged against, then enable auditing on this(these) DC(s) and
determine the client machine(s) from which the attempts are originating.
Once you know this, you can go looking at the client(s) in question and try
to identify a user or a process which is responsible. ALockout.dll would be
used on the client to find the process that's responsible.
The whitepaper is a good read and should prove helpful.
Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)
Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.