Jump to content

Detailed account lockout information


Recommended Posts

When I receive an account lockout notification, it would be nice to know what the calling computer is (i.e., where the lockout is originating from) without having to dig into Event Viewer and try to remember the Event ID associated with the lockout. For the record, it's Windows Event ID 4740. The last line in this event contains the information I am after:


Caller Computer Name: BAD_COMPUTER_NAME_HERE


This would help track down the source of the account lockout much quicker than simply seeing which account is locked out.


Thanks for everything you've already crammed into this excellent system!


Link to comment
Share on other sites

Excellent idea!

If we extend this info to debugging, then there might also be an option to sort locked accounts by LOCKOUT TIME, so admin would know, which computer started with malicious activity.

Would be very helpful in case of Conficker and other network spreadable viruses


Link to comment
Share on other sites

  • 1 month later...
  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...