This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 23%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBL%3C/text%3E%3C/svg%3E)
An account lockout event code 4740 (User account XXX was locked from computer T00050068-RGB01) has occurred on our network twice for non-essential AD accounts however I do need to find the cause for security purposes. The caller machine name is T00050068-RGB01 - is this a vendor specific id that rings a bell with anyone? Google search has nothing. The caller IP address is the same as the machine name - no IP address provided. How can the identity of the machine be determined as its not part of the domain?
Hi Ben,
Something is triggering the account logout (most likely something is trying to login with an old credential). In the past, I have seen a person's machine/phone trying to use AD credentials to connect to WiFi (if you use Radius/NPS) to authenticate.
If it isn't WiFi, then it is some application trying again and again with wrong/expired credentials.
If this is helpful please accept as answer or upvote.
Best regards,
Dillon Silzer, Director | Cloudaen.com | Cloudaen Computing Solutions