I have a user who's account gets locked out every 10 minutes or so. This started today after she completed a policy-mandated password change. In addition to her normal workstation there are two additional computers (all windows 7) she logs into with some degree of regularity. In the course of troubleshooting the issue I had her shut down all three of her computers at once and with all three systems powered down the account continued to become locked out repeatedly. This particular user is a database administrator so I've been entertaining the possibility that her old credentials are statically set in one of her SQL database files. I downloaded and ran a utility called lockoutstatus.exe which showed a bad password count of 4 from a domain controller that she should not be authenticating to. How can I generate a log or otherwise track down the particular workstation, database, process or service that is trying unsuccessfully to authenticate using her (presumably old) credentials. Most of our servers are running Windows 2008 or 2012.
↧
