-
July 7th, 2004, 04:16 PM
#1
Account lock out
Hi,
there is an employee in my company and her account in the active directory is getting locked out time and again. The machine has Win 2K professional service pack 4. also she doesnot make any mistake while typing in her password, so no log in failures. can some one help. Is any one else trying to access her account also ?
MRG.
-
July 7th, 2004, 04:21 PM
#2
Junior Member
have you tried looking at her machine and making sure that she does not have any password saved. also look at the secuirty logs on the DC and see if she is logged in on another terminal with an old password.
-
July 7th, 2004, 04:21 PM
#3
The account lockout threashold is being triggered. It seems that indeed someone else is attempting to use her credentials. Give the AD admins a call and have them start logging the account. This way they can see when the failed attempts are made.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
July 7th, 2004, 04:23 PM
#4
That is normally the first indication of a would be intruder. Does the event log have several failed login attempts outside the normal lockout duration? This intruder could be trying to access her machine or elevate privy, or she is trying to elevete privy (priveledge) to other machines and AD is locking her out. As usual the logs will tell.
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
-
July 7th, 2004, 04:30 PM
#5
Often one of the many new worms going around will hammer away at common accounts trying to guess the password. Remember this does not have to be from the users workstation per se.
Check workstations task manager for strange .exe's running.
Make sure logging is turned on for failed login attempts.
Event viewer will report the failure and each entry will also contain with IP/HOSTNAME/Netbios name of the node attempting the login.
Another possibility is a service is setup to use that users account to start and if a password has recently changed, often the password info in the service profile is not changed. Check that too.
What AV software is running on the workstations? Make sure patterns are updated.
-
July 7th, 2004, 04:47 PM
#6
Make sure the user doesn't have a scheduled job like a backup or similar running in her context. If she has and she recently changed the password then the password for the job needs to be changed.
That's the most usual way to get these type of lockout IME.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
July 7th, 2004, 04:58 PM
#7
I did give a call ,, Meanwhile i have one more question, With another employee, todaybmorning when he tried to log in he got an error saying the account for your computer doesnot exist or your password is incorrect, Then his machine was brought down from the domain and re joined in the domain. Now he said that he was able to logg in correctly till yesterday night, today morning this problem arises, The domain admins have no idea as to why his computer was disjoined from the domain.
please help.
MRG.
-
July 7th, 2004, 05:21 PM
#8
Another possibility is a service is setup to use that users account to start and if a password has recently changed, often the password info in the service profile is not changed. Check that too.
How do i do that, is this by going into administrative tools and then checking which service ?
Thanks
MRG.
-
July 7th, 2004, 05:46 PM
#9
Originally posted here by mrg81
Another possibility is a service is setup to use that users account to start and if a password has recently changed, often the password info in the service profile is not changed. Check that too.
How do i do that, is this by going into administrative tools and then checking which service ?
Thanks
MRG.
In the services manager, you can look at each service to see which account is used to start the service.
Look at the "log on as" section to see which account is used.
If you need to edit the info, double click the service and choose the "log on" tab.
-
July 7th, 2004, 05:51 PM
#10
I did that, Every service that I clicked on said local system account.
MRG.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|