Re: User Accounts Keep Locking Out

From: David Grant (dpgrant@blueyonder.co.uk)
Date: 01/24/03 

From: "David Grant" <dpgrant@blueyonder.co.uk>
Date: Fri, 24 Jan 2003 00:31:29 -0000

John

Are you sure the accounts are being locked out, and that you havent set the
passwords to expire after a certain time. By the way - the built in admin
account cannot be locked out, and most password cracking tools can identify
this account no matter what you name it.

just a thought

Dave

"John" <john@mousehut.com> wrote in message
news:c160e0ea.0301231433.5f023882@posting.google.com...
> Hey All:
>
> Running a Win2k Web Server and am having a problem with all user
> accounts being locked out every few weeks or so except the original
> admin account (which was renamed).
>
> I am guessing there is some tool out there that can read the user
> accounts on a machine and then is automatically trying to crack the
> passwords. Of course, the machine is set to lock people out after 3
> bad attempts so that's not getting to far and we enforce tough
> passwords.
>
> So, my question is, is there any way to stop this? Can anything be
> done or do I have to live with unlocking everyones account every few
> weeks (hope not).
>
> Any help would be greatly appreciated.

Relevant Pages

  • Re: Account lockouts
    ... for reusable passwords and the AAA infrastructures that rely upon them? ... In that context, account lockout policy -- duration, threshold, lockout ... > cracking attacks. ...
    (microsoft.public.security)
  • Re: Deleting Admin Account
    ... administrative level account to change the Type of the Admin account ... created to a limited account (or create yourself a third account - non-admin ... The built-in administrator cannot be changed from the administrative level, ... You should password protect (with different passwords would be best) each ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: Blank Passwords, Complex Requeirements and Problems...
    ... The account would then have: 544 = normal account with "Password Not Required" bit = on ... wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... As far as i know, the Win2003 AD never had a "free" Default Domain Policy to allow that, the DDP is the Default since the initial build of th AD. Ok, let's say that an Admin disabled temporarily th DDP for a few moments and allowed certain accouns to be created with blank passwords. ...
    (microsoft.public.win2000.active_directory)
  • Re: OT: dealing with keystroke loggers
    ... what's the practical solution to deal with s/w keystroke loggers ... Researcher refutes Microsoft's account of hijacked Hotmail passwords ... passwords were obtained in a massive phishing attack. ... "Everyone who suspects that their account has been compromised should ...
    (alt.sys.pc-clone.dell)
  • RE: Threat vector of running a service using a domain account
    ... Cachedumps are for local logon password dumps. ... Lsadumps retrieve the passwords in plaintext (each char. ... Cachedump, which again, doesn't work so well against the latest versions ... Threat vector of running a service using a domain account ...
    (Security-Basics)