Disabled Account generates Account lockout events 4740

I have disabled and renamed my guest account in Active Directory. I am seeing account lockouts for this renamed guest account throughout the day even after renaming. I have validated I don't have someone trying to hack/bang away at this account. When I look at the source logs it seems that I get this whenever group policy periodically refreshes. Has anyone ever seen this, or does anyone have any thoughts on why this is happening?

Thanks,
Matt

November 22nd, 2010 7:35pm

You should be able to determine the root cause by following http://social.technet.microsoft.com/Forums/en-US/winserverManagement/thread/e6134dab-acb7-4c6d-a21e-6bb07357c221

hth
Marcin

November 22nd, 2010 7:40pm

I have used eventcomb; I actually have a script that alerts on all event 4740, so I know the source, but it changes every time. As I said, there seems to be more of a correlation with when the Group Policy refreshes for a server and then an alert is generated.
November 22nd, 2010 7:42pm

Check the Group Policy settings applicable to servers in question...

hth
Marcin

November 22nd, 2010 7:45pm

I take it you have never seen the behavior I am discussing?  I have checked the group policies of the servers that correlate but still nothing as it is all servers as the source varies throughout the day and even shows up on workstations as well. 
November 22nd, 2010 7:49pm

I see the same issue with an account that is disabled still getting locked out.  I even changed the userid and it continues to generate account lockout events.

What can cause this?

April 9th, 2015 1:53am

Hi,

Please follow these steps, which will help you resolve the issue.

1. Using ADSIEDIT, changed the value of the UserAccountControl attribute of the Guest account to 66082 (numerical), i.e. 0x10222 (in hex), and disabled it, which is the sum of the following attributes:

   a. ACCOUNTDISABLE; PASSWD_NOTREQD; NORMAL_ACCOUNT; DONT_EXPIRE_PASSWORD

   b. Its current value was 0x10202, aka 66050 in dec (I believe this implies ACCOUNTDISABLE | NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD)

2. Then for the account (in ADUC) do the following:

   a. Unchecked the "user cannot change password" -> OK

   b. Right-clicked on the Guest account and selected reset password and kept it blank and clicked OK

      i. This step is to set a NULL password for the GUEST account and keep it disabled

   c. Right-clicked on the guest account and checked the "user cannot change password" again

https://support.microsoft.com/en-us/kb/305144?wa=wsignin1.0

The same case was resolved in the past.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/df9255bf-f28d-4acf-b6c1-25ce041cc416/domainguest-account-being-locked-out-via-nondomain-joined-workstations?forum=winserverDS

April 9th, 2015 11:28am
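
The two userAccountControl values quoted in the answer above can be decoded to confirm exactly which bit changes. This is an added PowerShell example, not part of the original post; the function names are hypothetical, the flag values are the documented userAccountControl bits, and the two inputs are the values quoted in the answer.

```powershell
# Added example: decode userAccountControl values and show what a change would do.
# Flag bits are the documented userAccountControl values (see the KB linked above).
$UacFlags = [ordered]@{
    SCRIPT               = 0x0001
    ACCOUNTDISABLE       = 0x0002
    HOMEDIR_REQUIRED     = 0x0008
    LOCKOUT              = 0x0010
    PASSWD_NOTREQD       = 0x0020
    PASSWD_CANT_CHANGE   = 0x0040
    NORMAL_ACCOUNT       = 0x0200
    DONT_EXPIRE_PASSWORD = 0x10000
    SMARTCARD_REQUIRED   = 0x40000
    NOT_DELEGATED        = 0x100000
    DONT_REQ_PREAUTH     = 0x400000
    PASSWORD_EXPIRED     = 0x800000
}

# Hypothetical helper: return the names of all bits set in $Value.
# Bits missing from the table above are reported rather than silently dropped.
function ConvertFrom-Uac {
    param([int]$Value)
    $known = 0
    $names = foreach ($f in $UacFlags.GetEnumerator()) {
        if ($Value -band $f.Value) { $known = $known -bor $f.Value; $f.Key }
    }
    $unknown = $Value -band (-bnot $known)
    if ($unknown) { $names = @($names) + ('UNKNOWN_0x{0:X}' -f $unknown) }
    , @($names)
}

# Hypothetical helper: compare the current value with the proposed one.
function Compare-Uac {
    param([int]$Current, [int]$Target)
    $disabled = [bool]($Target -band $UacFlags.ACCOUNTDISABLE)
    $noPwd    = [bool]($Target -band $UacFlags.PASSWD_NOTREQD)
    [pscustomobject]@{
        CurrentFlags = (ConvertFrom-Uac $Current) -join ' | '
        TargetFlags  = (ConvertFrom-Uac $Target) -join ' | '
        Added        = (ConvertFrom-Uac ($Target -band (-bnot $Current))) -join ' | '
        Removed      = (ConvertFrom-Uac ($Current -band (-bnot $Target))) -join ' | '
        StaysDisabled = $disabled
        # A blank password is only acceptable while the account stays disabled.
        EnabledWithoutPassword = ($noPwd -and -not $disabled)
    }
}

# The values quoted in the post: current 0x10202 (66050), target 0x10222 (66082).
Compare-Uac -Current 0x10202 -Target 0x10222 | Format-List
```

`EnabledWithoutPassword` is the property to check before writing any value that includes PASSWD_NOTREQD: it must be false, because that bit lets the account hold a blank password.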

We are having the same issue of an account being repeatedly locked out despite being disabled, but our issue is with the built-in domain administrator account. What would we do differently with that account vs the guest account?

I changed the login name for the Administrator account so that it should no longer match whatever is triggering the problem, but it still doesn't prevent it from triggering the 4740 events every few hours.

April 9th, 2015 1:14pm

Hi,

For your issue, kindly check the GPO for that; also, if possible, open a separate question for this issue.

April 9th, 2015 1:27pm

Hi,

Any updates on the issue?

April 10th, 2015 7:20am

The issue seems to have gone away for us a day after changing the spelling of the user name.
April 10th, 2015 4:56pm

OK, good to hear that.
April 11th, 2015 12:25am

This topic is archived. No further replies will be accepted.
