You might try this: Using the Checked Netlogon.dll to Track Account Lockouts (Q189541) http://support.microsoft.com/default.aspx?scid=kb;en-us;Q189541
> -----Original Message----- > From: Lists [mailto:[EMAIL PROTECTED]] > Sent: Monday, June 24, 2002 1:41 PM > To: [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: NT4 Account keeps getting locked out! > > > > Network info: > > NT 4 server network with W2KPro clients. > > > Situation: > > We have a user that keeps getting their NT account locked out > for reasons that we are not yet aware. Unable to get much > info from Event Viewer on NT4 servers or W2KPro client. > Don't know if this is being done by someone intentionally > (somewhere on the network or from the client's computer) just > to give us a hard time, or a rouge program somewhere on the > network or client's computer trying to logon as that > user. At this time, we are not ruling anyone out, everyone > is suspect. We have replaced the client's computer (not > totally, user copied shortcuts and some files back to the new > desktop...I know, if it was up to me they would not have been > allowed to do this, but it's not up to me) and the account is > still getting locked out. We are in the process of creating > a new NT account for this user and see if it still occurs. > > > Bottom Line: > > We need to find out what is causing this account to get > locked out and prevent it from happening again. > > > Some thoughts: > > Is there third party software that will be able to determine > what is causing this account to get locked out? Some sort of > sniffing program on the server or the client to find out what > program is trying to logon with this account and from where? > > If this is a user doing this intentionally, what are they > doing and from where? Are they trying to connect remotely to > the client's registry, or to a share on the > client computer? > > Is there third party software that can help? > > Any suggestions/recommendations welcome. > > > > Thanks, > Jack > > > >
