Account lockout - no audit failures on DC

Status
Not open for further replies.

canadajoe

IS-IT--Management
Jun 14, 2006
45
CA
I have an admin account to update McAfee that gets locked out every night, but when looking in the security events on the DC I can find no logon failures for that account. I can't determine what system is locking the account if I can't find these. Has anyone else had this problem?
 
What are you logging on your DC? What are you pushing out to the domain as needing to be logged?
 
Possibly an automated/scheduled brute force attack, trying to log in to another server/workstation? Wouldn't necessarily be logged in the DC event log if it's a domain account.

Can you restrict this account only to log into one machine? Or is this a service that runs on multiple machines? If just one machine, restrict that user account to it.

I guess that leaves ME with a question:

If a user account is restricted to log in to only one machine, and someone is attempting to log in with that account on a different machine... would that account get locked out if it exceeds the logon attempt count?

Hope This Helps,

Good Luck!
 
Aren't all domain logons logged on the DC? This is an account set in the properties of the McAfee console to update DATs from one of our internal servers, but not all servers are failing to update. Every day the service account is locked out.
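
One way to trace where the failed logons come from, as an added example that is not part of the original thread: query every domain controller's Security log for the lockout event and the failed-authentication events for the account, and report the originating machine. It assumes the ActiveDirectory PowerShell module, DCs running Windows Server 2008 or later (event IDs 4740, 4771, 4776), audit policy that records account lockouts and failed Kerberos/NTLM authentication, and rights to read remote Security logs; `svc-example` is a placeholder account name.

```powershell
# Added example: locate the source of lockouts for one account.
Import-Module ActiveDirectory

$Account = 'svc-example'              # placeholder account name
$Since   = (Get-Date).AddDays(-1)     # look back 24 hours

# 4740 = account locked out
# 4771 = Kerberos pre-authentication failed
# 4776 = NTLM credential validation (logged for successes as well as failures)
$Filter = @{ LogName = 'Security'; Id = 4740, 4771, 4776; StartTime = $Since }

# A failure is recorded on whichever DC handled the attempt, so query every DC.
$Results = foreach ($DC in (Get-ADDomainController -Filter *).HostName) {
    try {
        $Events = Get-WinEvent -ComputerName $DC -FilterHashtable $Filter -ErrorAction Stop
    } catch {
        # Also raised when the DC simply has no matching events.
        Write-Warning "${DC}: $($_.Exception.Message)"
        continue
    }
    foreach ($Evt in $Events) {
        # Read fields by name from the event XML rather than by position.
        $Data = @{}
        foreach ($Node in ([xml]$Evt.ToXml()).Event.EventData.Data) {
            $Data[$Node.Name] = $Node.'#text'
        }
        if ($Data['TargetUserName'] -ne $Account) { continue }
        # Skip successful NTLM validations.
        if ($Evt.Id -eq 4776 -and $Data['Status'] -eq '0x0') { continue }
        # The originating machine is in a different field for each event ID.
        $Source = switch ($Evt.Id) {
            4740 { $Data['TargetDomainName'] }   # shown as "Caller Computer Name"
            4771 { $Data['IpAddress'] }
            4776 { $Data['Workstation'] }
        }
        [pscustomobject]@{
            Time   = $Evt.TimeCreated
            DC     = $DC
            Id     = $Evt.Id
            Source = $Source
            Status = $Data['Status']
        }
    }
}
$Results | Sort-Object Time | Format-Table -AutoSize
```

If the script returns nothing for an account that is known to lock out, check the audit policy applied to the domain controllers before concluding that the failures are happening elsewhere.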
 