0

We have a user who has two accounts (admin/non-admin) and a notebook. When he is working with his non-admin account, the admin account gets locked more that 5 times a day. It's very likely, that he saved his proxy credentials somewhere in a program on the notebook because the "Caller Name" in the event log is our proxy server.

Is there a way to get more informations, from where or which application is causing the lock of the user? The Eventlogs on the Domain Controllers dont help me much because the caller computer name is our proxy server.

Gaterde
  • 101
  • 3
  • Check the proxy logs? – duenni Sep 22 '17 at 10:54
  • @duenni we have a really simple proxy. It isnt capable to log details like this. It logs from where the user gets locked (computername) but not the applicationname. – Gaterde Sep 22 '17 at 11:11
  • I don't think it's possible to find any more detail from the logs than you already have, you'll need to go hunting on the PC. I've had the same issue a few times and have generally found it to be something saved in the Windows Credential Manager, try clearing out saved credentials from there. I've also seen proxy settings saved in Skype locking accounts. – martin81 Sep 22 '17 at 22:15

0 Answers0