How to Find Where My Account Locked Out

1. To find the Machine that is locking the account out
  1. Use the Account Lockout Status (LockoutStatus.exe) tool to find the Domain Controller where it locked out
  2. Logon to that DC and filter the Security Event Log for 4740
  3. In the details of the 4740 event

Additional Information:
Caller Computer Name:


2. To find the application or process locking out the account
  1. Enable the following audit local policy settings on the Caller Computer Name (The source computer or workstation identified above)

Compute Configurations -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy:

Audit process tracking: Success , Failure

Audit logon events: Success , Failure


  1. On the Caller Computer Name filter the Security Event Log for 4625

Caller Process Name is the process that is locking it out



Ref Links:

Why Aren’t My Windows Audit Policies Working?





Categories: Uncategorized

Leave a Reply

%d bloggers like this: