on win 2003 weae getting continuous failure audits, and therefore the problem is that people's accounts are locked out.is there a machine hacking away or some other error?for example event will sayevent id 680user:nt authority\systemDescriptionlogon attempt by: microsoft authentication package v1_0logon account: jamessource workstation: pc1error code 0xC0000234sometimes we get event 539 to indicate account locked out.we get a continuous failure audits, logon account goes through different usernames, but source workstation stays the same.is the source workstation the problem? or could it be a windows error?cheers for clues.

Hi,Could be also the computer virus named Conficker.Please run Microsoft Malicious Removal Tool from january2009 and read this link:http://support.microsoft.com/kb/962007Also, aply this security update:http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspxHave a nice day! The Masterplan - MCSE,MCITP-EA http://winmasterplan.blogspot.com

yes ur right, got the target pc and attacks have gone.was worried what if in the event ids the stated workstation and source address was not the one.but probably window server auditing has tight rules toprevent false information.was kinda frightening seeing so many audits for legitate usernames and locking them out, do they just get usernames of shared folders?so you can imagine how many users turning up on your doorstep that can't login. the problem with this virus was that it caused disruption.are there any good web sites that document windows server attacks, all this auditing is good but scary if you can't comprehend.

hi there,i personally feel these viruses can attack a particular dll behavior, a end user might write an virus / trojan for some windows application ( as the API's are exposed its easy for a hacker / virus user to fish in his code or inject his code ) with which you will see undesired behavior.A concept of Dll injection which actually makes things go worse at times , but these things can be known only when users start reporing the issue , until then its tough for administrators / developers to keep track of virus.sainath Windows Driver Development

Hi,If you have antivirus software and Trojan Removal tools on clients and server, with proper configuration, you can protect your Network. You can download many security guides from the following website. Antivirus Defense-in-Depth guide and other security tools are also available. For detailed information, please refer to Security Solution Acceleratorshttp://technet.microsoft.com/en-us/solutionaccelerators/cc835245.aspxThanks. This posting is provided "AS IS" with no warranties, and confers no rights.