Click here to get back home

2003 Domain Controller event id when an account is locked ?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
2003 Domain Controller event id when an account is locked ? Brian 01-03-2007
Posted by Brian on January 3, 2007, 4:16 am
Please log in for more thread options
 Hi. If possible could anyone please tell me what event entry is logged on a
2003 domain controller when a user locks their account e.g. by incorrectly
entering their password beyond the password policy threshold ?

Thanks for any help.

Brian



Posted by Roger Abell [MVP] on January 4, 2007, 3:48 am
Please log in for more thread options
 sec event id 539
see also
http://support.microsoft.com/kb/174074/ (incomplete)
http://support.microsoft.com/kb/840036

> Hi. If possible could anyone please tell me what event entry is logged on
> a 2003 domain controller when a user locks their account e.g. by
> incorrectly entering their password beyond the password policy threshold ?
>
> Thanks for any help.
>
> Brian
>



Posted by cdmeyer on January 4, 2007, 2:12 pm
Please log in for more thread options
The 539 event is logged on the server or workstation the user is on,
not on the Domain Controller (unless the user is trying to login
locally to the DC). See:
http://www.ultimatewindowssecurity.com/events/com200.html

On the domain controller, the events should be 644 (User Account Locked
Out) and 642 (User Account Changed).

Christopher Meyer - GCIH, CISSP

Roger Abell [MVP] wrote:
> sec event id 539
> see also
> http://support.microsoft.com/kb/174074/ (incomplete)
> http://support.microsoft.com/kb/840036
>
> > Hi. If possible could anyone please tell me what event entry is logged on
> > a 2003 domain controller when a user locks their account e.g. by
> > incorrectly entering their password beyond the password policy threshold ?
> >
> > Thanks for any help.
> >
> > Brian
> >


Similar ThreadsPosted
2003 Domain Controller not requesting certificate May 31, 2006, 2:53 pm
Account Being Locked Somewhere August 18, 2006, 6:50 am
Windows 2003 Domain Controller (Open Port 593) December 18, 2006, 4:48 pm
Account locked packets? March 15, 2008, 7:49 am
Create restricted user account, 2003 server AD domain November 10, 2005, 10:39 pm
Domain Controller That Service a DMZ October 29, 2005, 9:58 pm
Domain Controller Security January 13, 2006, 4:43 pm
Domain Controller Security Policy August 12, 2005, 4:31 pm
Want to make an Admin for only one Domain Controller April 7, 2006, 4:42 pm
Client and Domain controller across a firewall March 31, 2008, 5:32 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap