Re: Account Being Locked Somewhere
- From: "Andrew Hayes" <AndrewHayes@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 22 Aug 2006 18:40:50 +0900
Turned on all the auditing and waited for it to be locked. Saw this:
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 644
Date: 8/22/2006
Time: 4:53:39 PM
User: NT AUTHORITY\SYSTEM
Computer: DOMAINCONTROLLER
Description:
User Account Locked Out:
Target Account Name: USER
Target Account ID: DOMAIN\USER
Caller Machine Name: DATABASESERVER
Caller User Name: DOMAINCONTROLLER$
Caller Domain: DOMAIN
Caller Logon ID: (0x0,0x000)
It seems he had an old Remote Desktop Connection to the database server that
he had logged in with an old password. Rather than logging off, he had just
closed the window which kept the RDC session open. It must be occasionally
trying to connect using the supplied credentials for some reason.
Connected to the database server, ran Terminal Services Manager, and logged
him off.
Will see if that was the only culprit.
.
- Follow-Ups:
- Re: Account Being Locked Somewhere
- From: Roger Abell [MVP]
- Re: Account Being Locked Somewhere
- References:
- Account Being Locked Somewhere
- From: Andrew Hayes
- Re: Account Being Locked Somewhere
- From: Andrew Hayes
- Re: Account Being Locked Somewhere
- From: Brian Delaney [MSFT]
- Re: Account Being Locked Somewhere
- From: Andrew Hayes
- Account Being Locked Somewhere
- Prev by Date: Re: Account Being Locked Somewhere
- Next by Date: Re: enabling LDAP over SSL: Enterprise CA in separate AD tree
- Previous by thread: Re: Account Being Locked Somewhere
- Next by thread: Re: Account Being Locked Somewhere
- Index(es):
Relevant Pages
|
