Powerful threat prediction, prevention, detection, and response along with compliance in a scalable, simple managed solution.
All-in-one networking solution that combines network connectivity, agility, security, and compliance in an affordable managed solution.
Accelerate business growth through our award-winning partner program.
5 min read
Symptom
Account Lockouts in Active Directory
Additional Information
“User X” is getting locked out and Security Event ID 4740 are logged on respective servers with detailed information.
Reason
The common causes for account lockouts are:
Troubleshooting Steps Using EventTracker
Here we are going to look for Event ID 4740. This is the security event that is logged whenever an account gets locked.
2. Select search on the menu bar
3. Click on advanced search
4. On the Advanced Log Search Window fill in the following details:
Once done hit search at the bottom.
You can see the details below. If you want to get more information about a particular log, click on the + sign
Below shows more information about this event.
Now, let’s take a closer look at 4740 event. This can help us troubleshoot this issue.
Resolution
Logon into the computer mentioned on “Caller Computer Name” (DEMOSERVER1) and look for one of the aforementioned reasons that produces the problem.
To understand further on how to resolve issues present on “Caller Computer Name” (DEMOSERVER1) let us look into the different logon types.
How to identify the logon type for this locked out account?
Just like how it is shown earlier for Event ID 4740, do a log search for Event ID 4625 using EventTracker, and check the details.
Logon Type 7 says User has typed a wrong password on a password protected screen saver.
Now we understand what reason to target and how to target the same.
Applies to
Microsoft Windows Servers Microsoft Windows Desktops
Contributors
Ashwin Venugopal, Subject Matter Expert at EventTracker Satheesh Balaji, Security Analyst at EventTracker
Download Whitepaper Now!
Netsurion’s managed platform approach offers you unmatched flexibility and scalability. Use our Solution Advisor Wizard to customize a solution to best fit your needs.
Solution Advisor Wizard
Cybersecurity 7 min read
Cybersecurity 5 min read