Hello dear community,
I have enabled my DC to log 'audit process tracking ' in local policies: success and failure.
the goal is to identify the process locking out accounts.
i'm able to filter out events on 4625 but for some reasons the field 'caller process name' is empty.
can anyone suggest me a step to resolve this ?
PS: For test purpose, i typed wrong password many times on a web application portal that use AD accounts. The account gets locked but no process name. I even tried locking the account through shares in vain.