In Windows 2003 server native domain environment: XP Pro machines have no issues, but all ~10 PCs that have Win7 Pro (in different offices) have their domain accounts locked out randomly throughout the day. Workstations have no passwords listed in credentials management. Suspect it is something on the workstations that is sending incorrect logon and triggering the invalid password lockout limit on domain policy. Found MSFT tools to trace in XP, but nothing for Win7. Does anyone know how to use Procmon or similiar tool to trace such source on the workstations? Thank you. (Procmon.exe from systernals)

Did you try Account Lockout and Management Tools? http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.

Yes, tried it, but unfortunately it didn't produce any results logs under Windows 7. It only supported Operating Systems: Windows 2000; Windows NT; Windows Server 2003

This doesn't help. I read, re-read this troubleshooting tips but no luck. Still searching for solution.

Same problem. Did everything as suggested. Took my account off the offending PC and removed all mapped drives and then put them in under users account and checked box making the user log in. Checked credentials and found none. Looked for my user name in the registry and found nothing. Cleared my profile as well a local profile that I used during setup where I might have accessed a server that would need my domain account credentials. Cleared everything out of IE. ran all the lock out tools that I could find trying to ID what process or service is connecting to the AD server with the wrong password. If only I could tell what process is attempting to log on I might stand a chance of resolving this problem. As it is I get locked out of the domain several times a day.

The above might have solved the problem... I'll report it back NOVAK

The first place to check unexpected account lockoff issues would be the security log of the server before starting to use any tools. Often these messages contain also a workstation name or an IP address used by the offending account (which can be interactive login or an account used to login a service or run a scheduled task forgotten with a password change). I agree in the context, that a moderator should not be able to mark his own post as answer, at least not that short after posting. But in general it helps to have a thread marked as answered and closed, even if the answer is not always fully perfect and fitting for each solution. (I'm moderator in some forums myself.) Best greetings Olaf

Hello, When our organization began rolling out Windows 7 unexpected lockouts started to occur. The folks getting locked out were using their smartcards to logon. I found that a Citrix Online Plug-in was in the Startup of the baseline configuration and the Citrix server is not configured to accept smartcard credentials. Each time a user logged on to their workstation the Citrix plug-in would attempt to sign on to the configured Citrix server. Because the server was not configured to accept smartcards the attempt counted as one failed attempt to logon using the Active Directory account. Most occurrences took place after receiving assistance from the helpdesk which caused a few reboots. After the third reboot and subsequent logon, the Active Directory account was locked due to meeting the incorrect logon threshhold. While that is not likely the case for you, it may assist in leading you to the cause. Hopefully that helped some. MagikD

i disagree. the OP already knows that his machine is the offender. the MS answer does not address the question that the OP is asking. please also note that noone has particular found the response to be very helpful. If there's nothing that can be done to help troubleshoot on the client side, just say so and tell us that it's something you are working on or something to that effect.