Does Microsoft provide or plan to provide special tools to troubleshoot account lockouts in Windows 2000 and later domain environments?
From its early versions, Windows has shipped with a security feature known as account lockout that protects against account spoofing and hijacking. Account lockout assures that user accounts automatically become unavailable when a user fails to log on after entering a set number of bad passwords. The administrator uses a Windows domain's account lockout security policy to define the bad password threshold. In large networking environments with multiple domain controllers (DCs), account lockouts can be incredibly hard to troubleshoot because an account lockout can occur on every DC, and using the native Windows management tools to discover where the account lockout took place is difficult at best.
With the introduction of Windows Server 2003, Microsoft added some interesting new account lockout–related tools to its management-tool portfolio. You can use the tools to address Windows 2003 and Win2K account lockouts. Some of these tools also work with Windows XP. Microsoft provides some of these tools as part of the Microsoft Windows Server 2003 Resource Kit. All the tools are also available in a free downloadable software package at the Microsoft Web site. Table 1 provides an overview of these tools. . . .
The link is: http://netwrix.com/account_lockout_examiner.html
fmike7 September 14, 2007 (Article Rating: