User account is locked out although Windows XP is configured to autologon
Why is the user account being locked out? Approximately once a week, the user account is locked out although Windows XP is configured to autologon and start the program needed for this computer. Therefore, the password is not manually entered for this account. The account lockout is discovered when the computer is rebooted or upon restart after the computer is shut down. I have checked the local security setting - User rights assignments "Deny logon locally" for user and administrators is not listed and have also verified that Security Options "Interactive logon" Interactive logon: Do not require CTRL+ALT+DEL is enabled. Also, I have verified the user's permission for the software folders in HKLM, HKU, and HKCU have full control.
September 8th, 2008 11:00pm

Hello,

Actually, except logon, there are many other possible ways a user account needs authentication with the domain controller, such as mapped network drives, services, stored passwords, etc. When the authentication attempt fails with the wrong password, the user account will be locked according to the password policy. To troubleshoot account lockout issues, you may check the following:

Currently, let's perform the following settings to eliminate the issue:

1. We need to remove the previous password cache, which may be used by some applications and therefore cause the account lockout problem. To do so:
   1) Click Start, click Run, type "control userpasswords2" (without the quotation marks), and then click OK.
   2) Click the Advanced tab.
   3) Click the "Manage Password" button.
   4) Check to see if these domain account's passwords are cached. If so, remove them.
   5) Check if the problem has been resolved now.
2. On that user's computer, please also check the mapped drives and scheduled tasks to see if something is still using the previous (incorrect) password of the user.
3. Check whether there are services running with the credentials of the problematic user account:
4. In addition, I wonder what value is set as the Account Lockout Threshold in the domain password policy?

You can check the following article for more information:

315585 Troubleshooting account lockout problems in Windows Server 2003
http://support.microsoft.com/?id=315585

Please then check if the problem has been resolved. If the problem still persists, we need to perform further research by checking the event logs. I understand you have enabled logon auditing on the domain level and I just want to verify you have enabled the correct settings to check the security event logs on all domain controllers.

Step 1. Enable Auditing at the Domain Level:
========================================
To effectively troubleshoot account lockout, please make sure you enable auditing policy at a domain level GPO (for example, the Default Domain Policy) for the following events:

- Account Logon Events - Failure
- Account Management - Success
- Logon Events - Failure

Step 3. Analyze the event logs:
========================================
After the account lock issue occurs, we can analyze all the Security event logs on all the domain controllers to see what client/process caused the account lockout problem. To simplify the operations, you can use the EventCombMT.exe tool, a multithreaded tool, to gather specific events from event logs from several different computers to one central location and then search those event logs for specific data of interest. The specific search for account lockouts is built into the tool. The following are steps to use this tool:

1. Download the EventCombMT utility from the following Microsoft Web site:
   http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=7af2e69c-91f3-4e63-8629-b999adde0b9e
   Note: The EventCombMT utility is included in the Account Lockout and Management Tools download (ALTools.exe).
2. Start EventCombMT.
3. On the File menu, click Set Output Directory, select an existing folder, or click New Folder to create a new folder to save the output to, and then click OK.
   Note: If you do not specify an output directory, the default location is C:\Temp.
4. On the Searches menu, point to Built In Searches, and then click Account Lockouts.
5. All domain controllers for the domain appear in the "Select To Search/Right Click To Add" box. Also, in the Event IDs box, you see that event IDs 529, 644, 675, 676, and 681 are added.
6. In the Event IDs box, type a space at the end of the existing line, and then type 12294 after the last event number. Therefore, the line should be "529 644 675 676 681 12294" (without the quotation marks).
7. On the Options menu, click "Set Data Range" to choose an appropriate data range.
8. Click Search.
9. You can then analyze the report files to see where each account lockout issue occurred.

If you need our further assistance on this, please send me the EventCombMT output files at tfwst@microsoft.com.

For more information, see the Help file that is included with the tool.

824209 How to Use the EventcombMT Utility to Search Event Logs for Account
http://support.microsoft.com/?id=824209

Hope this helps.
September 15th, 2008 1:18pm
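
An added example, not part of the original reply: once the events named in step 6 are collected, the analysis in step 9 amounts to counting failed-authentication events (529, 675, 676, 681) per client in the window before each lockout event (644). The row layout, account names and addresses below are constructed for illustration and are not EventCombMT's actual output format.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

FAILURE_IDS = {529, 675, 676, 681}   # failed-authentication events from the list above
LOCKOUT_ID = 644                     # "user account locked out"

# Constructed sample rows (hypothetical layout: event id, time, DC, account, client).
SAMPLE = """\
675,2008-09-08 06:58:10,DC01,kiosk1,10.0.0.21
675,2008-09-08 06:58:40,DC01,kiosk1,10.0.0.21
529,2008-09-08 06:59:05,DC02,kiosk1,10.0.0.34
675,2008-09-08 06:59:30,DC01,kiosk1,10.0.0.21
644,2008-09-08 06:59:31,DC01,kiosk1,
675,2008-09-07 02:00:00,DC01,kiosk1,10.0.0.99
529,2008-09-08 06:59:00,DC02,jsmith,10.0.0.50
"""

def parse(text):
    """Yield (event_id, timestamp, dc, account, client) from the CSV text."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5 or not row[0].isdigit():
            continue  # skip headers and malformed lines
        ts = datetime.strptime(row[1], "%Y-%m-%d %H:%M:%S")
        yield int(row[0]), ts, row[2], row[3].lower(), row[4]

def lockout_sources(text, window_minutes=30):
    """For each lockout, count failures per client in the window before it."""
    events = sorted(parse(text), key=lambda e: e[1])
    window = timedelta(minutes=window_minutes)
    report = []
    for eid, ts, dc, account, _ in events:
        if eid != LOCKOUT_ID:
            continue
        clients = Counter(
            c for (i, t, _, a, c) in events
            if i in FAILURE_IDS and a == account and ts - window <= t <= ts
        )
        report.append((account, ts, clients.most_common()))
    return report

if __name__ == "__main__":
    for account, ts, clients in lockout_sources(SAMPLE):
        print(account, ts, clients)
```

The client with the highest count is the first machine to check for cached passwords, mapped drives, scheduled tasks and services, as in items 1 to 3 of the reply.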
