When I receive an account lockout notification, it would be nice to know what the calling computer is (i.e., where the lockout is originating from) without having to dig into Event Viewer and try to remember the Event ID associated with the lockout. For the record, it's Windows Event ID 4740. The last line in this event contains the information I am after:

 

Caller Computer Name: BAD_COMPUTER_NAME_HERE

 

This would help track down the source of the account lockout much quicker than simply seeing which account is locked out.

 

Thanks for everything you've already crammed into this excellent system!

 

Thank you for the suggestion, we will integrate it in a future release.

 

Marius

Excellent idea!

If we extend this info to debugging, then there might also be an option to sort locked accounts by LOCKOUT TIME, so admin would know, which computer started with malicious activity.

Would be very helpful in case of Conficker and other network spreadable viruses

viruses.

Agreed very helpful to add. 

We are working on this.

Would be awesome!