Event ID 644 lockouts
Posted 11/9/2010 12:01:46 PM
Forum Newbie

Group: Forum Members
Last Login: 11/9/2010 11:27:51 AM
Posts: 1, Visits: 0
I have a user whose AD account keeps getting locked out almost daily for about the past month or so. We use NetIQ for log management. I ran a forensic query against this user for that time period. It shows Event ID 644 occurred several times. I am trying to understand the Event ID 644 in more detail. The report shows details of the event. I am trying to identify what system (workstation or server) may be causing the lockout with the user's account. I suspect there may be a drive attempting to get mapped or maybe a script/program running with this user's account. The 644 details show the Caller Machine Name and Caller User Name.

Can you define in more detail the definition of these parameters and how they might relate to this user's account that keeps getting a lockout?

Thank you for providing your expert knowledge in this matter.

Ray

Post #530
Posted 11/9/2010 9:05:08 PM
Expert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329, Visits: 0
I think this may help you: Account Lockout and Management Tools from Microsoft at

http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en  

Post #531
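
For the question in this thread, an added example (not from either poster and not NetIQ's or Microsoft's code) that tallies Event ID 644 records by Caller Machine Name for one account, so the machine generating the lockouts stands out. It assumes the events were exported as plain text with the `Label: value` lines of the Windows Server 2003 event description, and that Caller Machine Name is the computer the failed logons came from while Caller User Name is usually the domain controller's own computer account; the export layout, function names and all sample values are constructed.

```python
import re
from collections import Counter

# Constructed sample export (not real data): Event ID 644 records trimmed to
# the fields used here. Account, machine and DC names are made up.
SAMPLE_EXPORT = """\
11/8/2010 08:02:11 Event ID: 644
Target Account Name: jdoe
Caller Machine Name: WKSTN-0417
Caller User Name: DC01$

11/8/2010 13:40:55 Event ID: 644
Target Account Name: asmith
Caller Machine Name: WKSTN-0102
Caller User Name: DC01$

11/9/2010 08:01:47 Event ID: 644
Target Account Name: JDoe
Caller Machine Name: wkstn-0417
Caller User Name: DC02$

11/9/2010 10:22:03 Event ID: 644
Target Account Name: jdoe
Caller Machine Name:
Caller User Name: DC01$
"""

FIELD = re.compile(r"^\s*(Target Account Name|Caller Machine Name|Caller User Name):[ \t]*(.*)$", re.M)

def parse_644(text):
    """Split the export into records and return one dict of fields per 644 event."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        if not re.search(r"Event ID:\s*644\b", block):
            continue  # ignore other event IDs mixed into the export
        records.append({k: v.strip() for k, v in FIELD.findall(block)})
    return records

def lockout_sources(text, account):
    """Count lockouts of `account` per Caller Machine Name (case-insensitive)."""
    counts = Counter()
    for rec in parse_644(text):
        if rec.get("Target Account Name", "").lower() != account.lower():
            continue
        # An empty caller field is kept as its own bucket, not dropped.
        counts[rec.get("Caller Machine Name", "").upper() or "(blank)"] += 1
    return counts

print(lockout_sources(SAMPLE_EXPORT, "jdoe").most_common())
```

The machine at the top of the list is where to look for a stale mapped drive, scheduled task or service still using the old password.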
All times are GMT -5:00.