This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Failed Logins

jarchibald
Engaged Sweeper

‎03-30-2020 08:21 PM

A couple of weeks ago, it seems like we had a hacking attempt. We changed all passwords and set a group policy for locking user accounts after x attempts.

Unfortunately we had an admin account keep getting locked which killed services that used that account. I have changed the services to new accounts and the admin account, every so often gets locked.

Is there a report to find what workstation/server is doing the failed login attempts and locking the account?


Thanks

Joe
Labels:
0 Kudos
1 REPLY 1
CyberCitizen
Honored Sweeper

‎03-31-2020 01:19 AM

Not in Lansweeper. This is an Event Log / Login Server Issue.

Check out the event logs on the machine for the lock / failed login. That should give you the IP address of the machine or Domain Controller. Then check that DC for the lockout attempts and that should give you the originating machine.
0 Kudos

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
li.common.scroll-to.top