Re: Multiple Accounts Being Locked Out - HELP Please!!

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 01/27/05


Date: Wed, 26 Jan 2005 20:08:00 -0500

JerryAMWE wrote:
> I am running a Windows NT 4.0 Domain with a PDC and BDC. We have
> about 800 users. What I noticed today is that each account is being
> alphabetically locked out because there are a lot of unsuccessful
> logon attempts (approx. 100 attempts per account). I noticed that
> the attacks were coming from 3 PCs. I removed the PCs from the
> network and checked to verify that the eventlogs on the PDC/BDC had
> stopped locking out accounts. About 30 minutes later, the problem
> started again from a different PC. The PCs I had removed were
> checked for spyware and viruses. One had the Bat.Noshare.v virus,
> the other was clean. The 4th PC that started causing the problem was
> also checked for viruses and spyware. It was also updated with
> critical patches, yet the problem persists. Please help!! I can't
> determine what is causing this and therefore, I can't find a fix for
> it.
>
> Sincerely,
> Jerry (At My Wit's End)

Turn off account logoff. It could be a great way for someone to completely
mess up your network. I'm a recent convert to this view... I don't set it
anymore.
What's open in your firewall, inbound, to your network?
What are your client OSes?
Do users have local admin rights?
You need good, centralized antivirus software on all your PCs - kept updated
regularly, and with regular scheduled scans.
Pull the offending PCs off the domain/network while you look at them -
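
The pattern described in the original question (a few PCs failing logons against accounts in alphabetical order) can be picked out of exported failed-logon records. This is an added example, not part of either post; the CSV layout, workstation names and thresholds are assumptions, and the sample data is constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of failed-logon records: time, source workstation, account.
# The column layout is an assumption, not the NT event log's native format.
SAMPLE_CSV = """\
2005-01-26T09:00:01,PC-017,adams
2005-01-26T09:00:02,PC-017,adams
2005-01-26T09:00:03,PC-017,baker
2005-01-26T09:00:04,PC-017,baker
2005-01-26T09:00:05,PC-017,clark
2005-01-26T09:00:06,PC-017,davis
2005-01-26T09:01:10,PC-044,jsmith
2005-01-26T09:01:20,PC-044,jsmith
2005-01-26T09:02:00,PC-101,zimmer
2005-01-26T09:02:30,PC-101,adams
2005-01-26T09:03:00,PC-101,miller
"""

def load_failures(text):
    """Parse CSV text into (timestamp, workstation, account) tuples."""
    rows = csv.reader(io.StringIO(text))
    return [(r[0], r[1], r[2].lower()) for r in rows if len(r) == 3]

def alphabetical_sweeps(failures, min_accounts=3, min_ordered=0.9):
    """Flag workstations whose failures walk distinct accounts in A-Z order."""
    first_seen = defaultdict(dict)   # workstation -> {account: earliest failure}
    attempts = defaultdict(int)      # workstation -> total failed logons
    for ts, ws, acct in failures:
        attempts[ws] += 1
        prev = first_seen[ws].get(acct)
        if prev is None or ts < prev:
            first_seen[ws][acct] = ts
    flagged = {}
    for ws, seen in first_seen.items():
        if len(seen) < min_accounts:
            continue                 # one user mistyping a password is not a sweep
        order = sorted(seen, key=seen.get)  # accounts by time first targeted
        ascending = sum(a <= b for a, b in zip(order, order[1:]))
        ratio = ascending / (len(order) - 1)
        if ratio >= min_ordered:
            flagged[ws] = {"accounts": len(order), "attempts": attempts[ws],
                           "ordered": round(ratio, 2)}
    return flagged

if __name__ == "__main__":
    for ws, info in alphabetical_sweeps(load_failures(SAMPLE_CSV)).items():
        print(ws, info)
```

A workstation that keeps reappearing in this output after cleaning, or a new one that starts showing up, points at the machines to isolate next.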


