I set up an account - as I always do, by copying an existing account.

After testing, I gave it to my (remote) client.

Whenever he tries to use it, it fails.

I examine the account and it is "locked out"

He tries again - no problem.

The next time he logs on the process starts over again.

The only way I know of to cause a lockout is more than x invalid logon
attempts, which I am confident is not the cause.

Does anyone know of another way ?

Thanks in advance

JM

Jim Matthews wrote:

Hi,

One possibility is a hacker trying to get in. Or, a service trying to use
the account. Microsoft recommends that the lockout threshold be set to at
least 10. Partly, this is because sometimes a single logon attempt will
result in 2 or 3 attempts, as the client tries several protocols to
authenticate.

When an account is locked out, several attributes are updated in AD on the
DC where the attempt failed. These are badPasswordTime and badPwdCount. If
you know on which DC the user was locked out, you can use ADSI Edit to view
these attributes. Also, I have a sample VBScript program that retrieves this
information for all locked out users. The program is linked on this page:

http://www.rlmueller.net/LockedUsers.htm

The purpose of this program is to help troubleshoot problem like yours.

--
Richard
Microsoft MVP Scripting and ADSI
HilltopLab web site - http://www.rlmueller.net
--

Many thanks - I will check that out !!

"Richard Mueller [MVP]" <rlmueller-NOSPAM@ameritech.NOSPAM.net> wrote in
message news:%23dE3YVL$DHA.3284@TK2MSFTNGP09.phx.gbl...