Jump to content

Recommended Posts

Posted

When I receive an account lockout notification, it would be nice to know what the calling computer is (i.e., where the lockout is originating from) without having to dig into Event Viewer and try to remember the Event ID associated with the lockout. For the record, it's Windows Event ID 4740. The last line in this event contains the information I am after:

 

Caller Computer Name: BAD_COMPUTER_NAME_HERE

 

This would help track down the source of the account lockout much quicker than simply seeing which account is locked out.

 

Thanks for everything you've already crammed into this excellent system!

 

Posted

Excellent idea!

If we extend this info to debugging, then there might also be an option to sort locked accounts by LOCKOUT TIME, so admin would know, which computer started with malicious activity.

Would be very helpful in case of Conficker and other network spreadable viruses

viruses.

  • 1 month later...
  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...