Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

AD account locking out

  • 17-02-2009 3:01pm
    #1
    Registered Users, Registered Users 2 Posts: 3,100 ✭✭✭


    Folks,

    I have a user here logging into a Windows 2003 server. At least once a day she will get locked out of her account for no reason. I have reset her password, set it to never expire, etc and it still happens. Cant seem to figure this one out.


Comments

  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,591 Mod ✭✭✭✭Capt'n Midnight


    is there something trying to access the server with a stored password , maybe IE ?

    is dns working ok in case she can't see the logonserverf

    what are the lockouts set to / how long are they for

    check security in eventviewer on client and domain controller in case clues there


  • Closed Accounts Posts: 6,300 ✭✭✭CiaranC


    A lot of the new viruses are using $Admin shares to propagate. They try to authenticate against the server with a password list etc. Particularly Downadup. Maybe check that out.


  • Registered Users, Registered Users 2 Posts: 3,100 ✭✭✭whitelightrider


    Account lockouts are set to 3 attempts. Ive checked the logs on the server and on the client and theyre not showing anything regarding unauthorised attempts.


  • Closed Accounts Posts: 9,463 ✭✭✭KTRIC


    Do you have MS Communicator on the clients ?


  • Registered Users, Registered Users 2 Posts: 5,513 ✭✭✭Sleipnir


    Could she be logged in to another machine?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 3,100 ✭✭✭whitelightrider


    Dont have MS Communicator.

    She logs into her local PC and then uses Citrix to login to the servers in Dublin. I have synched her password in both places, recreated her Citrix profile in case that was corrupt, swapped out the PC in case that was the problem. But its still happening.


  • Registered Users, Registered Users 2 Posts: 5,513 ✭✭✭Sleipnir


    I get this a lot with people who are logged into some other machine somewhere on the network that they've forgotten about. Never really looked into it much to be honest but usually when I find the other machine and log them out it's okay.

    I usually use Hyena to find the other machine but you might be able to find it using psloggedon from PStools. http://technet.microsoft.com/en-us/sysinternals/bb897545.aspx

    I know how much a pain the ass this is so I'm watching for all other suggestions!


  • Registered Users, Registered Users 2 Posts: 5,513 ✭✭✭Sleipnir


    ANy joy OP?


  • Closed Accounts Posts: 5,429 ✭✭✭testicle


    Any services/scheduled tasks running as that user?


  • Registered Users, Registered Users 2 Posts: 1,629 ✭✭✭NullZer0


    Sleipnir wrote: »
    Could she be logged in to another machine?

    Thats what I would think too.
    Stored passwords?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 170 ✭✭joe_elway


    use the "user account lockout tools" (free download) to ID exactly when and where (what DC) the lockout takes place. Then use that info to check the security log. That'll tell you what machine this takes place on and exactly when it happened.

    In tha past, this normally happened to me/team members when they failed to log our of a server (RDP access) and disconnected instead. They'd stay logged in. They'd change their password according to policy and the disconnected session would then start to fail to login to mapped resources. That'd lock them out. Resetting that session using the above troubleshooting would sort things out.

    Could also be a negligent admin using their own credentials to start a service. ID the trouble machine (above) and then check services logon credentials in the services MMC. Follow that up with a stick across the knuckles and a lesson on security.


Advertisement