Figuring out which task/service is locking my machine out

Trepidati0n

Our IT guy is a bit swamped right now and trying to figure out how to solve this issue. Recently after a password reset something on my machine did not update with the new credentials. It was confirmed it was "my machine" doing it (not a machine I was logged onto somewhere else). Is there any guide out there to track down the offender? I have the lockout status app from MS but not sure how to use it beyond it telling me "yes, something is doing bad passwords".
 
If the attempt is inside your network and you are talking about domain credentials, you should be able to glean some information from the security event log on the domain controller for which it's trying to authenticate. More in-depth details and insights come from third-party tools, unfortunately... but you should be able to track hostname and other information from the event viewer on the DC.
 
^ This. You should be able to log on any DC to see the lockout event and which actual DC server was hit to cause the lockout. Then log on that DC and see the actual failed calls that forced the lockout.

9 times out of 10, it's something with Outlook/Exchange causing the lockout with old creds. It keeps retrying bad creds until it gets locked out. This is also why it's recommended to not have lockout turned on at the domain level, as it's more trouble than it's worth and can be used as an attack vector (locking out admins from their own accounts, etc.).
 
Don't forget about manually mapped network drives tied to your account if you have them.
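
The lookup the replies describe, as an added example that is not part of the original thread: it pulls lockout events (ID 4740) for one account from the PDC emulator's Security log, then lists the usual holders of stale credentials on the workstation. It assumes the RSAT ActiveDirectory module, rights to read the DC Security log, and `jdoe` as a placeholder account name; run part 2 on the machine named as the caller.

```powershell
# Added example, not from the thread. 'jdoe' is a placeholder account name.
$User = 'jdoe'

# Return the named EventData fields of an event record as a hashtable.
function Get-EventFields($Event) {
    $fields = @{}
    foreach ($d in ([xml]$Event.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    $fields
}

# 1. Account lockouts are logged as event 4740; the PDC emulator sees them all.
$pdc = (Get-ADDomain).PDCEmulator
Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue `
             -FilterHashtable @{ LogName = 'Security'; Id = 4740 } |
    ForEach-Object {
        $f = Get-EventFields $_
        if ($f.TargetUserName -eq $User) {
            [pscustomobject]@{
                Time   = $_.TimeCreated
                User   = $f.TargetUserName
                # In 4740 the caller computer name is stored in TargetDomainName.
                Caller = $f.TargetDomainName
            }
        }
    }

# 2. On the caller machine: places where an old password is commonly saved.
# Services running under the account
Get-CimInstance Win32_Service |
    Where-Object StartName -like "*$User*" |
    Select-Object Name, StartName, State

# Scheduled tasks running under the account
Get-ScheduledTask |
    Where-Object { $_.Principal.UserId -like "*$User*" } |
    Select-Object TaskPath, TaskName

# Mapped network drives
Get-SmbMapping | Select-Object LocalPath, RemotePath

# Saved entries in Credential Manager
cmdkey /list
```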
 