Re: all accounts locked out

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 10/19/03


Date: Sun, 19 Oct 2003 08:44:33 -0700

That was resolved.
That did not lock the built-in Administrator account, which
cannot be locked out by normal means.
If your built-in Administrator account is locked out from
logging into the console of the machine, then you evidenlly
have been target of some malicious software (not that the
built-in Administrator account may have been renamed).

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
  "David C" <blueburner@msn.com> wrote in message news:3f925981$0$298$ba620e4c@reader3.news.skynet.be...
  According to the website the following text was part of the MS reply dating from 2001.12.12.
  *******************************************************************
   From: Microsoft Security Response Center [mailto:secure_at_microsoft.com] 
  Sent: Wednesday, December 12, 2001 10:54 PM 
  To: Tomasz Polus 
  Cc: Microsoft Security Response Center 
  Subject: RE: Fast User Switching blocks user accounts [cb] 
  [...] "Fast User Switching is a feature that's designed primarily for 
  home users. 
  One thing that Fast User Switching does is to check local accounts for 
  blank 
  passwords to determine if a prompt should be provided for a particular 
  user or not. 
  Users who have elected to maintain blank passwords are not shown the 
  prompt 
  for their account when they switch accounts. Because of this, if 
  account lockouts 
  are enabled in conjunction with Fast User Switching, it is possible 
  for this 
  feature to inadvertently lockout accounts. 
  If you want to enable the account lockout feature, it's recommended 
  that you 
  not use the Fast User Switching feature. 
  I hope this is helpful in clarifying what you are seeing. 
  Please let us know if you have any questions or concerns." [...]
  *******************************************************************
  "GoumbaYa" <f-me@fu.net> a écrit dans le message de news:%23QfCefalDHA.3504@TK2MSFTNGP11.phx.gbl...
  > > Apparently this bug was acknowledged by MS in 2001
  > 
  > Can you post the link to the MS article stating that the bug was
  > acknowledged in 2001?  ...it doesn't sound right.
  > 
  > 


Relevant Pages

  • [NT] Windows XP Security Concerns (Fast Switch, Password Reset, Remote Desktop)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Fast user switching is a new Windows XP feature, ... Set the account lockout threshold to 3 attempts. ...
    (Securiteam)
  • Windows XP security concerns
    ... about Windows XP security and need to clarify these concerns. ... Problem with account locking due to fast user switching ... While extensively using this new feature, ... every account on the machine would be locked out ...
    (NT-Bugtraq)
  • Windows XP security concerns
    ... about Windows XP security and need to clarify these concerns. ... Problem with account locking due to fast user switching ... While extensively using this new feature, ... every account on the machine would be locked out ...
    (Bugtraq)
  • RE: trouble with switchin user - computer locked??????
    ... It seems that Fast User Switching has been turned off on your computer. ... i made a new account for my family member.. ... | the logging in screen (the screen that comes up when you ... | and this little window showed up and it says.. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Windows XP security concerns
    ... > using fast user switching) results in all acounts being locked out. ... Setting account lockout in general is a bit of a nuisance which normally ... > and/or a forced downgrading of security settings. ...
    (NT-Bugtraq)