I have 2 users that are repeatedly getting locked out of the domain by a couple of computers that are repeatedly trying to login to their Exchange Accounts. The story is, these 2 users were using some sort of service to mine leads or something, and that service had access to their accounts. They cancelled this service awhile ago, and have since changed their passwords. They have contacted the company but they seem to be dragging their feet with getting this issue fixed.
So my question is, if I know the names of the machines that causing the lockouts by repeatedly trying to access their Exchange accounts, is there a way to block those computer names?
These computers (i assume they are computers) are external. I am getting the names from the security logs. We have no machines with those names on our domain.
Thanks
Best Answer
Windows Firewall.
Go to
Inbound Rule
Create New Rule
Rule Type:
CustomProgram:
All ProgramsProtocol Type:
AnyWhich local IP address does this rule apply to
These IP Addresses and add the IP in. If it's a remote IP do it under remote IP.Action:
Block connectionWhen does rule apply:
Check allName & Description
: Self explanatoryClick Finish.