Users can obviously self-inflict a lockout by entering a bad password too many times. They could be using an application that amplifies this by resending the bad password repeatedly. This could also be a brute force or password spray attack. Tools like Defender for Identity or a SIEM like Sentinel might be used to detect trends and possibly sources of actions. An EDR solution like Defender for Endpoint might help to detect and remove malicious software used in the attack or communication with related malicious IPs. Without these tools you can look at the logs and check with users to rule out user-inflicted issues. Maybe try to find bad password attempts coming from a common IP or device.
Why are some of my users' accounts locking randomly?
Romar Peralta
We recently have been getting complaints about accounts locking out randomly, and we have been doing some looking at Event Viewer and other resources but have not found anything that would really tell us what is locking the account. Is there anything that we can use that will help us identify what is causing these lockouts? We have also seen in Event Viewer that sometimes these accounts get locked out by the network access control system that we have in place. Is there a way to fix this, or what can we do to identify the actual cause?
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
1 answer
Andrew Blumhardt 10,051 Reputation points Microsoft Employee
2023-03-30T22:48:12.2566667+00:00
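The manual log review suggested in the answer (finding bad-password attempts that share a source IP or device) can be sketched as follows. This is an added example, not part of the original thread: the helper name, host names and addresses are constructed, and it assumes the standard Security log events 4740 (account locked out) and 4771 (Kerberos pre-authentication failed), which the thread does not name.

```powershell
# Added example: group lockout (4740) and Kerberos pre-auth failure (4771)
# events by account and source. Input is event XML, as produced by ToXml().
function ConvertFrom-LockoutEventXml {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $e = ([xml]$Xml).Event
        $data = @{}
        foreach ($n in $e.EventData.Data) {
            $data[$n.GetAttribute('Name')] = $n.InnerText
        }
        $id = [int]$e.System['EventID'].InnerText
        # 4740 records the caller computer in TargetDomainName;
        # 4771 records the client address in IpAddress (often ::ffff:a.b.c.d).
        if ($id -eq 4740) { $source = $data['TargetDomainName'] }
        else { $source = $data['IpAddress'] -replace '^::ffff:', '' }
        [pscustomobject]@{
            EventId = $id
            Time    = $e.System['TimeCreated'].GetAttribute('SystemTime')
            Account = $data['TargetUserName']
            Source  = $source
        }
    }
}

# Constructed sample events, trimmed to the fields used (not real log data).
$t = "<Event><System><EventID>{0}</EventID><TimeCreated SystemTime='{1}'/></System>" +
     "<EventData><Data Name='TargetUserName'>{2}</Data><Data Name='{3}'>{4}</Data></EventData></Event>"
$sample = @(
    $t -f 4771, '2023-03-30T09:13:40Z', 'jdoe',   'IpAddress',        '::ffff:10.0.5.20'
    $t -f 4771, '2023-03-30T09:13:52Z', 'jdoe',   'IpAddress',        '::ffff:10.0.5.20'
    $t -f 4740, '2023-03-30T09:14:02Z', 'jdoe',   'TargetDomainName', 'NAC-SRV01'
    $t -f 4771, '2023-03-30T09:20:11Z', 'asmith', 'IpAddress',        '::ffff:10.0.5.20'
    $t -f 4740, '2023-03-30T11:02:45Z', 'asmith', 'TargetDomainName', 'NAC-SRV01'
)

# Sources that account for the most failures and lockouts sort to the top.
$sample | ConvertFrom-LockoutEventXml |
    Group-Object Account, Source |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Against a live domain (needs the ActiveDirectory module and rights to read
# the Security log on the PDC emulator), feed real events instead of $sample:
# Get-WinEvent -ComputerName (Get-ADDomain).PDCEmulator -FilterHashtable @{
#     LogName = 'Security'; Id = 4740, 4771; StartTime = (Get-Date).AddDays(-1)
# } | ForEach-Object { $_.ToXml() } | ConvertFrom-LockoutEventXml
```

One source appearing against many different accounts points toward a shared system or a spray pattern, while one account failing repeatedly from a single device points toward a stale saved credential on that device.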