How to track and troubleshoot User Account Lockouts with LepideAuditor

Account lockouts are an important part of preventing security breaches, as they stop users with malicious intent from repeatedly guessing passwords. You can configure Windows Servers using Group Policies to respond to this type of attack by locking the user account in question.

The “Account Lockout Policy” setting determines the threshold that needs to be met in order to lock the account. This setting can be configured in the following location in Group Policy Object Editor:

Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy

Once a user reports that their account has been locked, you, as a system admin, have to determine why the lockout occurred. To do so, you must find the relevant logs and extract the information from them. Once you have found the cause and taken appropriate action, you can unlock the account or reset the account’s password, so that the user can continue to work as normal.
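For comparison, the manual route described above (reading the lockout policy, then finding the relevant logs) looks like this with the native Active Directory cmdlets. This is an added example, not LepideAuditor code; the one-day look-back window and the account name `jdoe` are assumptions.

```powershell
# Added example: native AD cmdlets, not LepideAuditor code.
# Assumes the ActiveDirectory module (RSAT) and read access to the DC Security log.
Import-Module ActiveDirectory

# 1. Effective domain lockout policy (threshold, duration, counter reset window).
Get-ADDefaultDomainPasswordPolicy |
    Select-Object LockoutThreshold, LockoutDuration, LockoutObservationWindow

# 2. Accounts that are locked out right now.
Search-ADAccount -LockedOut -UsersOnly |
    Select-Object SamAccountName, LastLogonDate

# 3. Lockout events (ID 4740) from the PDC emulator, which receives
#    every lockout in the domain.
$pdc   = (Get-ADDomain).PDCEmulator
$since = (Get-Date).AddDays(-1)      # assumed look-back window

# SilentlyContinue suppresses the error raised when no events match.
$lockouts = Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Security'; Id = 4740; StartTime = $since
} | ForEach-Object {
    # Read EventData fields by name instead of by position.
    $fields = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        TimeCreated    = $_.TimeCreated
        LockedAccount  = $fields['TargetUserName']
        # In event 4740 this field carries the caller computer name.
        CallerComputer = $fields['TargetDomainName']
    }
}

# 4. Repeated lockouts from one machine usually point at a stale credential
#    (mapped drive, service, scheduled task, mobile mail client).
$lockouts | Group-Object LockedAccount, CallerComputer |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 5. After fixing the cause, unlock the account ('jdoe' is a placeholder).
# Unlock-ADAccount -Identity 'jdoe'
```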


How to track User Account Lockouts?

LepideAuditor has multiple predefined reports that show all changes made in Active Directory. The “User Status Change Report” shows all changes made to the status of user accounts, such as lock, unlock, enable, or disable.

Figure 1: User Status Modification Report

When you right-click on a record, three options are available in the context menu:

1. Unlock: Use this option to unlock the account.

2. Reset Password: Use this option to reset the account’s password.

3. Investigate: Use the third option to inquire into the account lockout.

How to troubleshoot User Account Lockouts

You can use LepideAuditor to track Active Directory account lockouts and troubleshoot them. The image below shows the account lockout report. Information such as the user name, when the account was locked out, and from which system is available in separate columns.

When you right-click on a record, three options are available in the context menu:

  • Unlock: Use this option to unlock the account.
  • Reset Password: Use this option to reset the account’s password.
  • Investigate: Use the third option to inquire about the tasks, services, and objects that will be impacted because of this lockout.

Unlock User Account

When you click the “Unlock” option in the context menu, a message appears on the screen: “Unlocking user account. Please wait…”. The following image shows the account unlock message. Once the process is complete, the user can log on using the same account:

Reset Password

When you select this option, the “Reset Password” dialog box appears:

Investigate

When you select this option from the context menu, the “Lockout Investigator” window appears on the screen. It lets you investigate which objects, tasks, sessions, or services will be impacted by the selected user’s account lockout.

The process of tracking user account lockouts with Lepide Active Directory Auditing Solution is very straightforward, as you can see all the locked-out accounts in a single report and troubleshoot them from there. Download the free trial to see for yourself how easy it is to use LepideAuditor.


Lepide® is a registered trademark of Lepide Software Private Limited. © Copyright 2017 Lepide Software Private Limited. All trademarks acknowledged.