Check the user loing log file in a Windows 2000 system, and analyze the login activities for the last 24 hours. Some information about user log is:
EventID Description
------- -----------
514 An authentication package
has been loaded by the LSA
515 A trusted logon process has registered with
the LSA
518 A notification package has been loaded by the Security
Account
Manager
528 Successful Logon
529 Logon Failure: Unknown user name or bad
password
530 Logon Failure: Account logon time restriction violation
531
Logon Failure: Account currently disabled
532 Logon Failure: The specified
user account has expired
533 Logon Failure: User not allowed to logon at this
computer
534 Logon Failure: The user has not been granted the
requested
logon type at this machine
535 Logon Failure: The specified
account's password has expired
536 Logon Failure: The NetLogon component is
not active
537 Logon Failure: An unexpected error occurred during
logon
538 User Logoff
539 Logon Failure: Account locked out
644 User
Account Locked Out
And more details can be found here.