Re: NT User A/C Lock

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 08/11/05

• Next message: Steven L Umbach: "Re: Terminal servers missing required certificates"
• Previous message: Steven L Umbach: "Re: 000,000s of logon/logoff events"
• In reply to: eo: "NT User A/C Lock"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 10 Aug 2005 19:30:33 -0500

That can be caused by several things such as the use of persistent user
credentials in network shares, XP stored credentials. Scheduled Tasks, an
application, a service account, or being logged onto another computer. What
can help is to enable auditing of "logon events" on domain computers and
account management for the domain controllers. The security logs of domain
controllers will show account lockout events and the domain computers will
record a logon failure due to an account lockout. Correlating these events
can help you find the computers involved in the account lockout. You can use
Event Comb to search your computers and domain controllers for specific
Event ID's. The links below should also help. --- Steve

http://www.microsoft.com/downloads/details.aspx?FamilyID=8c8e0d90-a13b-4977-a4fc-3e2b67e3748e&displaylang=en
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

"eo" <eo@eo.com> wrote in message
news:eeSo8FCnFHA.2180@TK2MSFTNGP15.phx.gbl...
> It's found that some users account locked suddenly.
> The a/c lock is not caused by user fail to attempt password.
> The a/c locked suddenly during user normal operation...
> user is successfully logon into the workstation already.
>
> 1) It's under NT domain environment
> 2) the problem happen after users have changed their password
>
> Can anyone help?
> thanks
> eo
>
>

---

• Next message: Steven L Umbach: "Re: Terminal servers missing required certificates"
• Previous message: Steven L Umbach: "Re: 000,000s of logon/logoff events"
• In reply to: eo: "NT User A/C Lock"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: account locks out ... Many programs cache credentials, keep active threads in use, and do not ... The Account lockout threshold policy setting may be set too low. ... A user is concurrently logged on to multiple computers. ... Make sure the client has the latest service packs installed. ... (microsoft.public.win2000.active_directory) Re: Account lockout - leads to Exchange server ... there is a mail client on the network with stored credentials. ... Troubleshooting Account Lockout ... I have also used the account lockout tools, ... (microsoft.public.windows.server.active_directory) Re: Automatically user lockout - big problem ... Check the security logs of the domain controllers to ... By default logging of account ... Comb can be used to scan domain computers for that account lockout event. ... (microsoft.public.windows.server.security) RE: Finding Domain Service Running Every 12 Hours ... we can enable the Audit Policy settings in the ... Default Domain policy on the domain level to record the account logon ... When the account lockout occurs, we can retrieve both the Security ... To determine the domain controllers that are involved with the lockout, ... (microsoft.public.windows.server.general) Re: Ad2003 - locked-out accounts are not unlocking automatically ... What is the scope of the problem exactly? ... What do you see in the event logs of the domain controllers (seems like ... Account lockout threshold: 10 invalid logon attempts ... The only way to unlock that account is user the VBS script with this ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)