Thread: Account regularly locked out

I adjusted my account lockout policy owner to lock a user account after five invalid attempts. Since that modify yesterday, I have had to reset my account three times. I have logged in without making a mistake on my password. I am thinking there is a scheduled task somewhere using my permit or there is somebody trying to guess my password. Is there software or an LDAP command that will show where my user account is being used to log in to the network?

eventcomb built-in search is helpful, in these cases, but if that does not help this is a tiny advanced to go deeper, shows all the NTLM based lockouts.

I generally do both at the same time to gather all the important data at the same time.

Please try eventcomb first.