Guest
Archived from groups: microsoft.public.win2000.security (More info?)
I'm on a Windows 2000 domain. We're on a single site with 3 DCs, all
configured as GCs. There are approximately 350 users.
We have a service account that's suddenly continually locking itself out. I
understand that someone somewhere has probably configured something to start
using the credentials of this account and probably fat-fingered the password,
but I need to determine this down to a machine if possible. We have about 35
servers and it will be a huge headache to scour every single machine.
The security event log doesn't seem to show me the machine that the lockout
is occurring on. The log is set to have a max size of 100 MB and overwrite
events as needed; I've exported it to prevent anything relevant from being
overwritten. The domain auditing policy is as follows:
Account Logon Events S, F
Account Management S, F
Directory Service Access S, F
Logon Events S, F
Object Access S, F
Policy Change S, F
System Events F
Any help would be appreciated.