What computer locked me out

So following on my other two posts Who locked me out? and AD Account Lockout is what is probably the last on this subject .. What computer locked me out.

Found this and its shweet: http://serverfault.com/questions/32633/how-to-check-who-is-currently-logged-on-to-windows-workstation-from-command-line

My problem today, was that some donkey was logging on to server using a service account, and getting the password wrong Disappointed smile and so locking the service account out!

So you can check on the server itself in the security log for event id 529. The hope is that this will show a Source Network Address.

What you can then do is use the following command with the Source Network Address to find the donkey that is using the computer and so locking the account out!

WMIC /NODE: <IP or hostname> COMPUTERSYSTEM GET USERNAME

This should return the username currently logged! How cool is that?!

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share this:

Like this:

Related

Leave a Reply Cancel reply