Receiving account logon errors for disabled account
I'm getting this error in the event viewer: "The account "name of acct" was unable to logon as its disabled." I'm also getting this error in the Security log: "Logon failure for same Account, logon process IIS Logon type is 2." I'm using Windows 2000 Service pack 4, IIS 5.0.
I tried searching for files (NTFS permissions), IIS virtual directories, and COM+ services where this account is given permission but could not find any. Can you please where else should I check for this account being used?
Well, it sounds like the account isn't (and can't be) used since it's disabled, and that seems to be your intention. If you're asking for help identifying other access control lists (ACLs) that have that user account in an access control entry, there are countless types of objects with ACLs in Windows 2000. Active Directory objects, printers, the registry, services and shared folders are the most common. However, if the account is disabled, you can be comfortable that it will not be authorized to access anything (since it cannot be authenticated).
If you're asking where the requests are initiating from, check your IIS usage logs. Also, there may be a scheduled task or service that has been configured to use the account.
This was first published in January 2004