Re: Account lockouts help

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 09/14/05 

Date: Tue, 13 Sep 2005 18:05:14 -0500

Generally that means that they may still be logged onto another computer
with old credentials [ possibly via Terminal Server?] or that they are using
old credentials for a Scheduled Task, persistent mapped drive, or have old
"stored credentials" on a Windows XP Pro computer. If you have enabled
auditing of "account logon" events and account management in Domain
Controller Security Policy and have auditing of "logon events" enabled for
domain computers you can usually track down what computer is causing the
lockout and proceed from there. The free Event Comb utility from MS makes it
easy to search domain controllers and domain computers for specific events
and text strings such as user names. The link below may help and the
excellent white paper on account passwords and policies has a lot of good
info. FYI Microsoft recommends no less then ten bad attempts as a lockout
threshold if you use account lockout as a single bad logon event can trigger
multiple bad logon attempts on the domain controllers. --- Steve

http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

"Jon LaBarge" <jonlabarge@comcast.net> wrote in message
news:%23wLQ%23iKuFHA.600@TK2MSFTNGP10.phx.gbl...
> We have a few users in our org that continually get locked out. Every 5
> minutes, their accounts go into the lockout state. They are locked down by
> a GPO but only for folder redirection. Any ideas???
>
> Thx.
>
> Jon
>

Relevant Pages

  • Re: User May be Logged in somewhere else. Lockout 3x a day
    ... Could also be an Scheduled Task or mapped drive that uses persistent credentials. ... Common Causes for Account Lockouts ... This section describes some of the common causes for account lockouts The common ... manager on member computers that use the account as well as domain controllers. ...
    (microsoft.public.win2000.general)
  • Re: Please help me, it is highly Urgent.............
    ... The reason why the threshold is given as 5 is because of security concern. ... with credentials that subsequently expired. ... Account lockout duration = 0 ... Persistent drives may have been established ...
    (microsoft.public.windows.server.active_directory)
  • Re: Username Vulnerability???
    ... Open Server Manager> highlight the PDC ... Password Policy and Account Lockout Policy are both ...
    (microsoft.public.windows.server.general)
  • Re: How do you wintrolls...
    ... the system will automatically log in with those credentials from then on. ... account credentials, exactly what files do you think he wants to access? ... When Vista asks you if a newly discovered network is 'Public' or 'Private', this is one of the things it is doing. ... I have not found any necessary functionality in the menu bar; as far as I can see the only the functions that are in the menu bar are the greybeard switch for the old-style status bar and, oddly, the 'Invert Selection' command- which strictly speaking can always by done manually. ...
    (comp.sys.mac.advocacy)
  • Re: custom page for user credentials?
    ... credentials against the various domains. ... after the user authenticates with IIS handling the SSPI Negotiation. ... possible for IIS6 to link a Passport user account to an AD user account -- ...
    (microsoft.public.inetserver.iis.security)
Loading