Security Basics mailing list archives
RE: Windows 2000 user login
From: "Robinson, Sonja" <SRobinson () HIPUSA com>
Date: Thu, 27 Mar 2003 15:07:49 -0500
Dump your PDC logs using DumpEVT or similar. Search the log files for the users user name or by the MS Security Event Code. This will give you all of the computer names that his account is trying to be accessed from. So in other words you will locate HIS true machine, plus any machine that may have a script under his account or if someone is trying to brute force his account, etc. Your password policy of 30 days is fine and is not the cause. Most likely it is user disfunction or their is a script/batch file/process trying to use the account and he forgot about it- which still applies to user disfunction. -----Original Message----- From: Wright, Bill To: security-basics () securityfocus com Sent: 3/26/2003 1:16 PM Subject: Windows 2000 user login I have never posted to this board, so hopefully I'm following the right procedures. My issue is that a user's account keeps getting locked out due to an aggressive password policy (30 days) and he claims that he isn't logged into multiple machines nor is he fat fingering his password. Is anybody aware of a product to find out where or how many Windows 2000 servers or workstations a user is logged into? My thinking is that he's logged into multiple machines under an old password that keeps locking him out. Thanks, Bill ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfsbl1 ********************************************************************** This message is a PRIVILEGED AND CONFIDENTIAL communication, and is intended only for the individual(s) named herein or others specifically authorized to receive the communication. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender of the error immediately, do not read or use the communication in any manner, destroy all copies, and delete it from your system if the communication was sent via email. ********************************************************************** ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfsbl1
Current thread:
- Windows 2000 user login Wright, Bill (Mar 27)
- RE: Windows 2000 user login John Tolmachoff (Mar 28)
- Re: Windows 2000 user login Su Wadlow (Mar 28)
- RE: Windows 2000 user login dave (Mar 29)
- RE: Windows 2000 user login dave (Mar 31)
- RE: Windows 2000 user login dave (Mar 31)
- RE: Windows 2000 user login dave (Mar 29)
- Re: Windows 2000 user login Chuck Swiger (Mar 28)
- <Possible follow-ups>
- RE: Windows 2000 user login Wright, Bill (Mar 28)
- Re: Windows 2000 user login Scott Cadwell (Mar 28)
- RE: Windows 2000 user login Robinson, Sonja (Mar 28)
- Re: Windows 2000 user login nightowlcat (Mar 28)
- Re: Windows 2000 user login H Carvey (Mar 28)
- RE: Windows 2000 user login Moeckel, Sharon (Mar 29)
- RE: Windows 2000 user login Andre Luis Braz Henrique (Mar 29)