1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tracking Account Lockout

Discussion in 'Software' started by Nelix, May 27, 2004.

  1. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    1,412
    3
    82
    Hi all

    I have a problem at work, since I returned to work I have had to change my password. Now, Every hour or so something trys to authenticate with the DC (3 times, 10 minutes in between each one). obviously I have used my Account details :oops: somewhere on the network and now my password has changed it fails to authenticate.

    Is there any software out there that will logg these attempts with details of the application and maybe the host name from which the request originated?

    Looking forward to your replys
     
    Certifications: A+, 70-210, 70-290, 70-291
    WIP: 70-294
  2. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    I know it's stating the obvious but have you had a little look see in the event log for the DC. Otherwise try setting up an audit policy in the domain controllers OU.

    HTH
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  3. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    1,412
    3
    82
    We have tried that but we are getting different results from different DC's around the country, 1 says its from the South West regional office another says it's from the Eastern region and another says it's from our head office in london. the only host information it gives is the host name and IP of the DC that recieved the Auth request, I would like to try and pinpiont which specific machine i question.
     
    Certifications: A+, 70-210, 70-290, 70-291
    WIP: 70-294
  4. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    Just had a thought. We had a similar problem when we changed the Administrators name and the antivirus could not update it self on the clients. It's not something like your AV trying to update your DC's and you've used your Admin account to do that with is it :wink:
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  5. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    1,412
    3
    82
    Well thats what I originally thought, but we only use an account created for JUST that task (AV Updates ETC), this is MY account. I have managed to track down 3 machines that report I am logged on locally, 1 is my own (obviously) the other 2 are in our ipswich office (one of those been the server) the other is one of there client machines, have remote controlled BOTH machine and i am NOT logged on there.

    Baffles me mate, thanks anyway

    any other suggestions would be greatly appreciated.
     
    Certifications: A+, 70-210, 70-290, 70-291
    WIP: 70-294
  6. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Have you created any services on the particular machines under your account?
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  7. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    1,412
    3
    82
    Non that I can think of
     
    Certifications: A+, 70-210, 70-290, 70-291
    WIP: 70-294

Share This Page

Loading...