Re: Automatically user lockout - big problem
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/13/05
- Previous message: Stuart Leitch: "Encrypting File System no longer working on domain"
- In reply to: Juan: "Automatically user lockout - big problem"
- Next in thread: Juan: "Re: Automatically user lockout - big problem"
- Reply: Juan: "Re: Automatically user lockout - big problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 12 Apr 2005 21:11:37 -0500
Does this happen to all administrators or just these three? Is it happening
to any other users? Check the security logs of the domain controllers to
see if any helpful information is recorded. You will have to look in the
security logs of all the domain controllers. By default logging of account
logon events should be enabled for Windows 2003. If auditing of account
management is not enabled for auditing, enable that also. You might want to
try using netlogon logging to see which source computer or computers are
causing this via traceback to originating computer. If you enable auditing
of logon events on domain computers an event will be recorded in the security
log of the domain computer where the account was locked out and if it was a
type 3 network logon it will show the source computer of the lockout. Event
Comb can be used to scan domain computers for that account lockout event.
If you are sure of the computer and cannot track down the problem you may
be better off reinstalling the operating system on those computers. Another
possibility would be to install a personal firewall on the computer and wait
for it to attempt to contact a domain controller or another computer at the
hourly interval. The firewall probably would list the process that is trying
to contact the remote computer. Sygate is great for such a purpose. As far
as account lockout, Microsoft recommends that the account threshold be no
less than ten bad attempts.

--- Steve
"Juan" <Juan@discussions.microsoft.com> wrote in message
news:625CE6C8-8163-4163-B326-34D86CF1D930@microsoft.com...
> Hello,
>
> we're running a W2K3 Active Directory. After deploying MS05-010, MS05-011
> and MS05-012 on all our DCs, three of my colleagues are locked out
> automatically every hour. - One of them has changed his passwords a few
> days
> ago.
>
> In general this happens if you enter a wrong password more than a couple
> of
> times, but they are sure that they are using the right passwords. - All
> admin
> colleagues - no stupid users ...
>
> I've examined the security logs using Microsoft's Account Lockout and
> management tools.
> (http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en)
>
> The only thing that I can see is that the workstations on which my
> colleagues are working from are the issuer of the request.
>
>
> Can you confirm any relation to the hotfixes? Have you other ideas to
> help?
> Are there other tools to install on a client to check which application is
> trying to authenticate using bad credentials? (Better than the
> ALockout.dll does?)
>
>
> We've checked for:
> - mapped drives
> - Locked servers
> - Mapped printers
> - Client Management applications
> - Open sessions on terminal services
>
> - > No way. No idea.
>
>
> Thanks in advance
>
>
> Juan
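
Added example, not part of the thread: one way to do the netlogon-log traceback suggested in the reply, tallying bad-password and lockout results per account and source computer so that an hourly pattern stands out. The sample lines are constructed, and the line layout (`MM/DD HH:MM:SS [LOGON] ... logon of DOMAIN\user from COMPUTER ... Returns 0x...`) is an assumption about the Netlogon debug log that should be checked against a real `netlogon.log`; the account and computer names are placeholders.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread); names are placeholders.
SAMPLE_LOG = r"""
04/12 14:00:02 [LOGON] EXAMPLE: SamLogon: Network logon of EXAMPLE\admin1 from WKS-A Entered
04/12 14:00:02 [LOGON] EXAMPLE: SamLogon: Network logon of EXAMPLE\admin1 from WKS-A Returns 0xC000006A
04/12 14:00:03 [LOGON] EXAMPLE: SamLogon: Network logon of EXAMPLE\admin1 from WKS-A Returns 0xC000006A
04/12 14:00:04 [LOGON] EXAMPLE: SamLogon: Network logon of EXAMPLE\admin1 from WKS-A Returns 0xC0000234
04/12 14:20:10 [LOGON] EXAMPLE: SamLogon: Network logon of EXAMPLE\admin2 from WKS-B Returns 0x0
04/12 15:00:02 [LOGON] EXAMPLE: SamLogon: Transitive Network logon of EXAMPLE\admin1 from WKS-A (via DC02) Returns 0xC000006A
"""

# NTSTATUS values that matter for lockout tracing.
STATUS = {
    "0xC000006A": "wrong password",
    "0xC0000234": "account locked out",
}

# Assumed line layout; "Entered" lines carry no status and are skipped.
LINE_RE = re.compile(
    r"^(?P<date>\d\d/\d\d) (?P<hour>\d\d):\d\d:\d\d \[LOGON\] .*?"
    r"logon of (?P<user>\S+) from (?P<src>\S+)"
    r"(?: \(via (?P<via>[^)\s]+)\))? Returns (?P<status>0x[0-9A-Fa-f]+)$"
)

def summarize(log_text):
    """Map (user, source computer) -> failure count, hours seen, reasons."""
    summary = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        reason = STATUS.get("0x" + m["status"][2:].upper())
        if reason is None:  # successful logon or an unrelated status
            continue
        entry = summary.setdefault(
            (m["user"], m["src"]),
            {"count": 0, "hours": set(), "reasons": Counter()},
        )
        entry["count"] += 1
        entry["hours"].add(f'{m["date"]} {m["hour"]}')
        entry["reasons"][reason] += 1
    return summary

if __name__ == "__main__":
    for (user, src), e in summarize(SAMPLE_LOG).items():
        print(user, "from", src, e["count"], sorted(e["hours"]), dict(e["reasons"]))
```

The logs from every domain controller need to be fed through this, since the bad attempts can land on any of them.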