Posts

Showing posts from May, 2018

WSUS find who approved the patches in WSUS server

You'll find approvals and who/when it occurred in the CHANGE.LOG contained in %ProgramFiles%\Update Services\Logfiles.

TROUBLESHOOTING CMD Taskkill

Task kill
https://technet.microsoft.com/en-in/library/bb491009.aspx

Ends one or more tasks or processes. Processes can be killed by process ID or image name.

Syntax

    taskkill [/s Computer [/u Domain\User [/p Password]]] [/fi FilterName] [/pid ProcessID]|[/im ImageName] [/f] [/t]

Parameters

/s Computer : Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.

/u Domain\User : Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the current logged on user on the computer issuing the command.

/p Password : Specifies the password of the user account that is specified in the /u parameter.

/fi FilterName : Specifies the types of process(es) to include in or exclude from termination. The following are valid filter names, o

AD EVENT ID 10016 THE APPLICATION-SPECIFIC PERMISSION SETTINGS DO NOT GRANT LOCAL ACTIVATION PERMISSION FOR THE COM SERVER APPLICATION WITH CLSID

Source: Microsoft-Windows-DistributedCOM
Event ID: 10016
Level: Error
User: SYSTEM
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (via LRPC) running in the application container not available SID. This security permission can be modified using the Component Services administrative tool.

---

Step 1: Open your Event Viewer and make note of the IDs. In my example, the IDs are:

CLSID: {D63B10C5-BB46-4990-A94F-E40B9D520160}
APPID: {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

Also make note of the permission required. In my example, these are:

Local Activation permission is required for user NT AUTHORITY\SYSTEM

It's OK if your IDs and permissions differ from mine. Just use your own values

AD User Account Lockouts Possible Root Causes

Possible root causes for account lockouts:

- Persistent drive mappings with expired credentials
- Mobile devices using domain services like Exchange mailbox
- Service accounts using cached passwords
- Scheduled tasks with expired credentials
- Programs using stored credentials
- Misconfigured domain policy settings
- Disconnected Terminal Server sessions

POWERSHELL to check the remote servers RDP session status

PowerShell to check the remote servers RDP session status:

    $ComputerName = Get-content c:\servers.csv
    $username = 'clusteradmin'
    foreach ($Computer in $ComputerName) {
        try {
            quser /server:$Computer 2>&1 | Select-Object -Skip 1 | ForEach-Object {
                $CurrentLine = $_.Trim() -Replace '\s+',' ' -Split '\s'
                $HashProps = @{
                    UserName = $CurrentLine[0]
                    ComputerName = $Computer
                }
                if ($CurrentLine[2] -eq 'Disc') {
                        $HashProps.SessionName = $null
                        $HashProps.Id = $CurrentLine[1]
                        $HashProps.State = $CurrentLine[2]
                        $HashProps.IdleTime = $CurrentLine[3]
                        $HashProps.LogonTime = $CurrentLine[4..6] -join ' '
                        $HashProps.LogonTime = $CurrentLine[4..($CurrentLine.