account lock out
- hi guys, please help with my problem. what does this mean.
Alert on SRVOAK at 7/3/2009 1:16:35 PM
An account was locked out due to multiple failed logon attempts that occurred in a short period of time. This may occur if an unauthorized user attempts to gain access to the network.
For more information about this event, see the event logs on the server computer.
You can disable this alert by using the Change Alert Notifications task in the Server Management Monitoring and Reporting taskpad.
All Replies
I think the first thing to do is to ensure its NOT from the user itself. Some program requires user to enter the ID and password (and it stores these info within the program), and it uses them to authenticate when its running. If the user changes his/her password recently and has forgotten to update the software then this will happen as failure audit. An example is NTBackup, when you schedule backup to run at later time it always require you to enter the password (usually the admin password). So if you changed the admin password and not updating NTBackup, the process will fail because it could authenicate and you will see in your log file those failure security audit.
If you can rule out all possibility from internal, I am afriad you can't do much to stop external attacks. The only thing you can do is to implement a more secure policy. Things like complex password, firewall, etc. You may not be able to pin down the external IP address - they may use dynamic IP so no good blocking them.
Good Luck ...
Microsoft Certified: MCP, MCSA, MCSA Security, MCSE, MCSE Security.- Proposed As Answer byShady Kfoury Saturday, July 04, 2009 10:34 PM
