I'm hoping there's a way to figure this out. My issue is: I have a generic user account (yes, I know this is bad) logging in through the Middle Tier. This account logs in from many different workstations simultaneously. Every once and awhile this account gets locked (someone sets something on a keyboard, etc.) In ConsoleOne under the Restrictions tab the "Last intruder address" shows the IP address of the Middle Tier server, which is the same for everyone. When I go to https://mtaddress/oneNet/NSADMIN to look at the IP specific to the machine, I see the unique IP's of the individual workstations, with the generic user account (yes, I know this is bad) right next to it, which doesn't do me a lot of good. I see login time, but there are so many users logging in with this particularID it doesn't really help.

The question is: is there a way for me to "see" which workstation, not user, is creating a locked account? when they are accessing the NW6.5 sp4 box. The NW 65 box is running edir (the user is authenticating against) and the Middle Tier.

Thanks for any help on insight,