
Detailed account lockout information



When I receive an account lockout notification, it would be nice to know what the calling computer is (i.e., where the lockout is originating from) without having to dig into Event Viewer and try to remember the Event ID associated with the lockout. For the record, it's Windows Event ID 4740. The last line in this event contains the information I am after:


Caller Computer Name: BAD_COMPUTER_NAME_HERE


This would help track down the source of the account lockout much quicker than simply seeing which account is locked out.


Thanks for everything you've already crammed into this excellent system!



Excellent idea!

If we extend this info to debugging, then there might also be an option to sort locked accounts by LOCKOUT TIME, so the admin would know which computer started the malicious activity.

Would be very helpful in case of Conficker and other network-spreadable viruses.


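Added example, not part of either post above and not code from the product being discussed: a PowerShell query that pulls Event ID 4740 records, reads the Caller Computer Name (stored in the event data as `TargetDomainName`), and lists lockouts by lockout time. It assumes an elevated session on a domain controller that records the lockouts; the `$Since` window and the output column names are arbitrary choices.

```powershell
# Added example: account lockouts (Security event 4740) with their
# "Caller Computer Name", oldest first, plus a per-caller summary.
# Assumption: elevated session on a domain controller that logs the lockouts.
$Since  = (Get-Date).AddDays(-1)   # illustrative look-back window
$filter = @{ LogName = 'Security'; Id = 4740; StartTime = $Since }

$lockouts = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the named fields from the event XML rather than parsing
        # the localized message text.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # In 4740 the "Caller Computer Name" line is the TargetDomainName field.
        # It can be empty; keep those rows visible.
        $caller = $data['TargetDomainName']
        if ([string]::IsNullOrWhiteSpace($caller)) { $caller = '(blank)' }

        [pscustomobject]@{
            LockoutTime    = $_.TimeCreated
            Account        = $data['TargetUserName']
            CallerComputer = $caller
            LoggedBy       = $_.MachineName
        }
    }

if (-not $lockouts) {
    Write-Output "No 4740 events found since $Since"
    return
}

# Every lockout, earliest first, so the first affected machine is at the top.
$lockouts | Sort-Object LockoutTime | Format-Table -AutoSize

# One row per calling computer: lockout count and first time seen.
$lockouts | Group-Object CallerComputer | ForEach-Object {
    [pscustomobject]@{
        CallerComputer = $_.Name
        Lockouts       = $_.Count
        Accounts       = ($_.Group.Account | Sort-Object -Unique) -join ', '
        FirstSeen      = ($_.Group | Sort-Object LockoutTime |
                          Select-Object -First 1).LockoutTime
    }
} | Sort-Object FirstSeen | Format-Table -AutoSize
```

A single caller locking out many different accounts in a short window is the pattern the second post describes; a single account locked repeatedly from one caller more often points to a stale saved credential.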
