Return
-
Title
Sometimes Account Locked Out events in Windows Security log and ITAD log, do not have a corresponding event in the Change Auditor database. -
Description
While an account locked out event does exists in the "Windows Security" and when event logging is enabled in the "ITAD" log - running a query on the ChangeAuditor database does not return a valid corresponding event.Consider the following situation...A user types their password wrong multiple times, enough to be locked out.A Lockout event is generated via Change Auditor.After a set amount of time, the user's account is automatically unlocked by Active Directory.The user continues to type the wrong password, and locks them self out again.No Lockout event is generated via Change Auditor, yet Windows Security log and event logging (ITAD) record an account locked out event.
Sign In Required
You need to be signed in and under a current maintenance contract to view premium knowledge articles.