RE: 2K Server locking 98 users out

From: Moorhouse, Walt P (WaltPMoorhouse@eaton.com)
Date: 05/09/02


From: "Moorhouse, Walt P" <WaltPMoorhouse@eaton.com>
To: 'Dave' <"dauern@cox.net"@cox.net>, focus-ms@securityfocus.com
Date: Thu, 9 May 2002 12:04:04 -0400 

A couple of things that I have seen here that could relate to your problem:
1) If your users have signed on and ignored the "Your password is about to
expire, Do you want to change it now?" dialog and said no, then left their
machines on, it will keep trying to use the password they gave it at the
beginning of the session.
2) Since it is happening only on 98 machines, that makes me think of the
Windows Password. Some of my people changed their password while offline or
at home, and subsequently, the domain password didn't change, just the
Windows Password. This got them out of sync, and they had to type in two
passwords to get in when they reconnected to the net. (The "old" domain
password, and the "new" Windows password.) I doubt you would have done
this, but it may somehow be related.

Also, this could be the result of an attack. If someone gained access to a
list of login names (perhaps a former employee) and is going through the
list trying to guess or brute force a password, this could lead to account
lockout. Do you have security auditing enabled and are you logging
successful and failed login attempts?

I hope this helps.
WPM

-----Original Message-----
From: Dave [mailto:"dauern@cox.net"@cox.net]
Sent: Wednesday, May 08, 2002 1:57 PM
To: focus-ms@securityfocus.com
Subject: 2K Server locking 98 users out

Hello all,

First of all, let me say that this/these list(s) are an incredible tool,
both for beginner admins and security freaks (and much more). OK, enough
mush. :)

I am domain admin on a 2K server serving about 60 users. Occasionally a
user's account will be locked, for absolutely no apparent reason that I
can tell. It's happened to my account quite a few times, in fact (not my
admin account). This seems to happen only to 98 machines... every
instance I can recall was on a 98 machine. While I can't speak for anyone
else's problems necessarily, the only odd thing I noticed about the
instances where my account was locked is that my computer was usually idle
for an hour or more (long lunches). Does anyone have any recommendations
to perhaps point me in the right direction in resolving this? Thanks for
your help.

Dave
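
The reply above asks whether failed logon attempts are being audited. As an added example (not part of either message), this sketch triages such records to separate the two explanations in the thread: one machine retrying a stale password for one account, versus one source failing against many login names. The record format, machine names and threshold are constructed assumptions, not taken from the thread.

```python
from collections import defaultdict

# Constructed sample, one failed logon per line: "HH:MM account source_machine".
# Machine names are hypothetical; export your own audit data into this shape.
SAMPLE = """\
12:05 dave W98-DAVE
12:20 dave W98-DAVE
12:35 dave W98-DAVE
13:01 alice PC-LOBBY
13:01 bob PC-LOBBY
13:02 carol PC-LOBBY
13:02 erin PC-LOBBY
13:03 alice PC-LOBBY
"""

def parse(text):
    """Yield (time, account, source) for each non-empty record line."""
    for line in text.splitlines():
        if line.strip():
            when, account, source = line.split()
            yield when, account.lower(), source.upper()

def triage(text, spray_accounts=3):
    """Label each account's failures by the behaviour of the source machine.

    spray_accounts (assumed threshold): number of distinct accounts failing
    from one source before it is treated as guessing across a list of names.
    """
    by_source = defaultdict(set)    # source  -> accounts it failed against
    by_account = defaultdict(set)   # account -> sources that failed for it
    for _, account, source in parse(text):
        by_source[source].add(account)
        by_account[account].add(source)
    result = {}
    for account, sources in by_account.items():
        noisy = sorted(s for s in sources if len(by_source[s]) >= spray_accounts)
        if noisy:
            # One machine failing against many names: the attack scenario.
            result[account] = ("guessing-suspected", noisy)
        elif len(sources) == 1:
            # One machine, one account: likely a cached or out-of-sync password.
            result[account] = ("stale-credential-suspected", sorted(sources))
        else:
            result[account] = ("review", sorted(sources))
    return result

if __name__ == "__main__":
    for account, (label, sources) in sorted(triage(SAMPLE).items()):
        print(account, label, ",".join(sources))
```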


