4/6/2024 0 Comments Jinitiator for windows 10You get two output files in temp, EventCombMT.txt and the more interesting %DCNAME%-Security_LOG.txt – the file gives you the dope you want in columns: Caller Computer Name (NetBIOS name of workstation that entered the final bad password attempt), and of course time, date, and Account Name.(in my example below – I’m only searching ITS-DC1 since LockoutStatus shows the last BadPwd was on my PDC Emulator) So enter EventID 4740, click Search and you are golden. well not-so-fast, three-digit EventIDs are Sooooo WindowsXP/2003.So we fire up the next tool – EventCombMT.exe Again, what are the event IDs… back to Goog… err, wait – Searchs->Built in Searches –> Account Lockouts Ok, that would then allow me to grep… err, filter the security event log on the locked DC for what machine made the invalid login request and caused the lockout.It queries for all DCs – then checks status on all. LockoutStatus.exe – simply File->Select target, enter short login name.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |