5 min read
Account Lockouts in Active Directory
“User X” is getting locked out and Security Event ID 4740 are logged on respective servers with detailed information.
The common causes for account lockouts are:
Troubleshooting Steps Using EventTracker
Here we are going to look for Event ID 4740. This is the security event that is logged whenever an account gets locked.
2. Select search on the menu bar
3. Click on advanced search
4. On the Advanced Log Search Window fill in the following details:
Once done hit search at the bottom.
You can see the details below. If you want to get more information about a particular log, click on the + sign
Below shows more information about this event.
Now, let’s take a closer look at 4740 event. This can help us troubleshoot this issue.
Logon into the computer mentioned on “Caller Computer Name” (DEMOSERVER1) and look for one of the aforementioned reasons that produces the problem.
To understand further on how to resolve issues present on “Caller Computer Name” (DEMOSERVER1) let us look into the different logon types.
How to identify the logon type for this locked out account?
Just like how it is shown earlier for Event ID 4740, do a log search for Event ID 4625 using EventTracker, and check the details.
Logon Type 7 says User has typed a wrong password on a password protected screen saver.
Now we understand what reason to target and how to target the same.
Microsoft Windows Servers
Microsoft Windows Desktops
Ashwin Venugopal, Subject Matter Expert at EventTracker
Satheesh Balaji, Security Analyst at EventTracker
Download the Whitepaper
10 min read
5 min read