Re: Account keeps going locked out in Windows 2000 Pro SP4

From: Matt Scarborough (vexversa_at_verizon.net)
Date: 07/18/03 

Date: Fri, 18 Jul 2003 01:41:02 +0000

On Thu, 17 Jul 2003 11:06:54 -0700, Chris G wrote
<034001c34c8e$34ab1480$a101280a@phx.gbl>
> I have a home pc running win2k pro sp4 with different user
> accounts for each member of the family. ALL the accounts
> (including the administrator) keep going locked out. The
> administrator account doesn't matter as it will let me log
> on anyway, but the 'locked out' box is still ticked. This
> happens at least once a day. I have the following
> settings in lstart\settings\control panel\administrative
> tools\local security policy\account policies\account
> lockout policy:
>
> account lockout duration = 0
> account lockout threshold = 5 invalid attempts
> reset account lockout counter after = 30 minutes

An account lockout duration of zero enables the behavior you are seeing: the
account will be locked out until an administrator explicitly unlocks it

Are you absolutely certain of this next statement?

> there are no invalid log on attampts, the password is
> accepted after I unlock.

As Mike mentioned and I will restate, password guessing (attempting to logon to
a machine over the Internet by trying a list or random passowrds) is markedly on
the rise and widespread on the Internet.

> It is driving me mad as I keep having to log on as
> administrator to unlock the accounts

This behavior that is driving you mad would alert me that something is very
wrong. I would enable full auditing on this machine, secure the audit logs,
verify the security posture, and make sure the firewall (you do have a firewall,
yes?) is properly configured.

Matt Scarborough 2003-07-18

Relevant Pages

  • Re: Permissions to unlock Administrator account?
    ... you cannot lockout the administrator account...it will unlock automatically as soon as you enter the correct pwd ... leaving only the Administrator account there (I believe ... and unlock user accounts to our accounts so we could still use AD Users and ... Computers for daily admin tasks. ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADMINISTRATOR vs Administrator User
    ... when run on an administrator account. ... As to getting past the limitations imposed by WindowsXP ... There are very few - very very few - modern applications that require ... user accounts. ...
    (microsoft.public.windowsxp.general)
  • Re: Administrator restricted - Control Panel Missing
    ... If you did not specifically set up Group Policy to restrict access to ... The command net users will display user accounts and net user username will ... type of administrator. ... the control panel was missing. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: password expiration policy for admin and system accounts ?
    ... > scheduled tasks that use various administrative accounts. ... > administrative account which starts several key exchange services. ... > Thus every time the exchange server was rebooted several exchange services ... >> JJ wrote:>>> Our auditors are objecting to our having Domain Administrator and domain>>> system accounts with passwords that never expire. ...
    (microsoft.public.security)
  • Re: password expiration policy for admin and system accounts ?
    ... > scheduled tasks that use various administrative accounts. ... > administrative account which starts several key exchange services. ... > Thus every time the exchange server was rebooted several exchange services ... >> JJ wrote:>>> Our auditors are objecting to our having Domain Administrator and domain>>> system accounts with passwords that never expire. ...
    (microsoft.public.win2000.security)