Wednesday, October 11, 2023


Step-by-Step Guide: How to Find the User Account Lockout Source Computer and Application

In today's post, I will discuss an easy way to find the source computer and application behind your account lockouts. Many end users save their password in services, applications, and batch files and forget to update it after a password change. Keeping passwords in applications, scheduled tasks, and Windows services is not good practice. It is always recommended to use gMSA accounts for Windows services or to use a dedicated service account for Windows services.


There are many possible reasons behind your account lockouts:

1. Services using your old login credentials
2. Applications using old login credentials
3. Network drives mapped using expired Windows login credentials
4. Windows scheduled tasks using an expired login password

1. How to find the source computer name from the domain controller's Security events

 
When an administrator configures the domain controller, they set the account lockout threshold, which locks a user account when someone repeatedly tries to use or break into it. This helps secure your login account and the company infrastructure. The threshold specifies the number of times a user can attempt to log in with the wrong credentials before the account is locked out. Whenever an account gets locked out, Event ID 4740 is generated. To find the source of the account lockout, log in to the domain controller and open Event Viewer -> Security events.

Then, in the right-side pane, click Filter Current Log -> in the All Event IDs field, type 4740 and click OK to search for Event ID 4740.
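
The same Event ID 4740 filter can be run from PowerShell on the domain controller. This is an added example, not part of the original post: the function names are hypothetical, and the sample event (jdoe, WKS-0042, DC01.example.test) is constructed so the parser can be tried without access to a Security log.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# In a 4740 event, the EventData field named TargetDomainName holds the value
# Event Viewer displays as "Caller Computer Name", i.e. the lockout source.
function ConvertFrom-LockoutEventXml {
    param([Parameter(Mandatory)][string]$EventXml)
    $evt  = ([xml]$EventXml).Event
    $data = @{}
    foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeCreated    = [datetime]$evt.System.TimeCreated.SystemTime
        LockedAccount  = $data['TargetUserName']
        CallerComputer = $data['TargetDomainName']
        LoggedOnDC     = $evt.System.Computer
    }
}

# Live query: run in an elevated session on the domain controller.
function Get-LockoutSource {
    param([string]$UserName, [int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$Hours) }
    # SilentlyContinue: Get-WinEvent reports an error when no event matches the filter.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-LockoutEventXml -EventXml $_.ToXml() } |
        Where-Object { -not $UserName -or $_.LockedAccount -eq $UserName }
}

# Constructed sample event (trimmed to the fields used) so the parser runs offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4740</EventID>
    <TimeCreated SystemTime="2023-10-11T08:15:30.000Z" />
    <Computer>DC01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">WKS-0042</Data>
  </EventData>
</Event>
'@
ConvertFrom-LockoutEventXml -EventXml $sample | Format-List

# On the DC: Get-LockoutSource -UserName 'jdoe' -Hours 48 | Sort-Object TimeCreated
```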