Posted on by filip

I thought I start of this blog with adding helpful scripts and tips I get to use.

 

Here is the first and a very helpful tool from MS

  1. RunĀ LockoutStatus.exe.
  2. Enter the username and find out which of your DCs was the source of the lock (“Orig Lock” column) and when it happened (“Lockout Time” column).
  3. Examine the Security log on the DC at that time and you will usually be able to pinpoint it to a specific machine.
  4. Once you have the machine it’s usually:
    • User has a scheduled task running in their name and their password has changed.
    • User has a disconnected RDP session.

Leave a Reply

Your email address will not be published. Required fields are marked *