Every morning one of our admin accounts is locked out and something/ someone is doing it. I was wondering if there was a way to find out what computer name/ IP address was locking it out. Any thoughts?
It would be helpful to provide what sort of system or application you are talking about. Either way, there should be a log file somewhere that contains failed login attempts.
Answer depends on Windows or Linux. Assuming it's Windows, because this is more common on Windows.
Look in event viewer, security section. If not there, you need to set local security policies or else a group policy for your domain or OU.
This is a Windows system, and the event viewer is useless because it only says, "admin" was locked out on X time at X day. I know that. I can unlock the account. I believe a service is what is causing the account to get locked out but I don't know the service or the machine the service is running.
Make a group policy like asdf said.