Account Lockout Question/Problem
- From: Tom <Tom@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 21 Oct 2008 11:24:01 -0700
We have two accounts that randomly get locked out, we have auditing enabled
on our DC so I can see Authentication attempts being made using both
accounts. Our account lockout policy is set to lockout accounts after 7
invalid logon attempts. The problem with diagnosing this is that when I check
the security logs in the DC the “source workstations:” come from various
sources such as \\localhost, \\84.120.100.240 \\FILECAF etc basically it
looks like the logon attempts are spoofing their source address. A couple of
users got spyware two months ago but we removed those systems from the
network. The usual suspects for account lockout problems such as mapped
network drives with invalid passwords and services with incorrect cached
credentials don’t apply here. How can I figure out where exactly these logon
attempts are coming from? Our DS’s are win2003 R2 SP2
.
- Follow-Ups:
- Re: Account Lockout Question/Problem
- From: Jorge de Almeida Pinto [MVP - DS]
- RE: Account Lockout Question/Problem
- From: Salvador Manaois III
- Re: Account Lockout Question/Problem
- Prev by Date: Re: Change default certificate duration ?
- Next by Date: Where's this logon attempt coming from?
- Previous by thread: Change default certificate duration ?
- Next by thread: RE: Account Lockout Question/Problem
- Index(es):
Relevant Pages
|
