sully213 Posted July 8, 2014 Posted July 8, 2014 When I receive an account lockout notification, it would be nice to know what the calling computer is (i.e., where the lockout is originating from) without having to dig into Event Viewer and try to remember the Event ID associated with the lockout. For the record, it's Windows Event ID 4740. The last line in this event contains the information I am after: Caller Computer Name: BAD_COMPUTER_NAME_HERE This would help track down the source of the account lockout much quicker than simply seeing which account is locked out. Thanks for everything you've already crammed into this excellent system!
Marius Posted July 8, 2014 Posted July 8, 2014 Thank you for the suggestion, we will integrate it in a future release. Marius
Labsy Posted July 11, 2014 Posted July 11, 2014 Excellent idea! If we extend this info to debugging, then there might also be an option to sort locked accounts by LOCKOUT TIME, so admin would know, which computer started with malicious activity. Would be very helpful in case of Conficker and other network spreadable viruses viruses.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now