Greetings, You mentioned that the event viewer did not provide much information. You could enable auditing for logon-logoff failure and success. Also assign the user login only from one computer (MAC address or computer name based).
Enable auditing for process on the client machine. Maybe monitor which process uses the Win Logon module Cheers Gill -----Original Message----- From: Lists [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 25, 2002 1:41 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: NT4 Account keeps getting locked out! Network info: NT 4 server network with W2KPro clients. Situation: We have a user that keeps getting their NT account locked out for reasons that we are not yet aware. Unable to get much info from Event Viewer on NT4 servers or W2KPro client. Don't know if this is being done by someone intentionally (somewhere on the network or from the client's computer) just to give us a hard time, or a rouge program somewhere on the network or client's computer trying to logon as that user. At this time, we are not ruling anyone out, everyone is suspect. We have replaced the client's computer (not totally, user copied shortcuts and some files back to the new desktop...I know, if it was up to me they would not have been allowed to do this, but it's not up to me) and the account is still getting locked out. We are in the process of creating a new NT account for this user and see if it still occurs. Bottom Line: We need to find out what is causing this account to get locked out and prevent it from happening again. Some thoughts: Is there third party software that will be able to determine what is causing this account to get locked out? Some sort of sniffing program on the server or the client to find out what program is trying to logon with this account and from where? If this is a user doing this intentionally, what are they doing and from where? Are they trying to connect remotely to the client�s registry, or to a share on the client computer? Is there third party software that can help? Any suggestions/recommendations welcome. Thanks, Jack
