account locked out
Hi all, Why would a user on the network be prompted a number of times throughout the day for their credentials. The account also becomes locked out and needs unlocking. Thanks
June 27th, 2012 4:14am

Hello, if the account is used in scripts, scheduled tasks etc. and the password is changed this may happen. Also the Conficker Virus result in account lockouts http://support.microsoft.com/kb/962007/en-us For account lockout use the troubleshooting tools http://www.microsoft.com/en-us/download/details.aspx?id=18465 http://technet.microsoft.com/en-us/library/cc738772(WS.10).aspx http://support.microsoft.com/kb/109626 http://blogs.dirteam.com/blogs/paulbergson/archive/2012/04/23/user-account-lockout-troubleshooting.aspxBest regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
June 27th, 2012 4:18am

Hi, Since the account lockout issue could be caused by many factors, such as Programs, Service accounts, Low bad password threshold AD replication and Redundant credentials. At this time, in order to narrow down the cause of the account lockout issue. I suggest we try to enable Auditing policy, Netlogon Logging and Kerberos Logging to capture the information about the accounts that are being locked out. Enable Auditing at the Domain Level To view the Auditing policy settings, in the Group Policy MMC, double-click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy. Enable auditing for the event types listed in the previous section. Enable Kerberos event logging on a computer Click Start, click Run, type regedit, and then press ENTER.Add the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters registry value to the registry key: Registry value: LogLevelValue type: REG_DWORDValue data: 0x1 If the Parameters registry key does not exist, create it. Close Registry Editor and restart the computer. Regarding enabling Netlogon logging, we could refer to the article Meinolf provided. For details about troubleshooting account lockout issue, please refer to the articles below. Troubleshooting Account Lockout http://technet.microsoft.com/en-us/library/cc773155(v=ws.10) Maintaining and Monitoring Account Lockout http://technet.microsoft.com/en-us/library/cc776964.aspx Regards, Andy
June 28th, 2012 12:27am

I have a user that locks them selves out about once every 3 days at my work. The way I found it was her was that I logged into the Domain Controller and checked the Event Viewer. Made a Custom XML filter to show only ones wither her username in and done it was all of the different types of events, not just security... This brought back a goood 150 from the past few days but I found there were a lot of invalid credential logs.Most having a 2-10 second break between which is enough to retype the password. Also used "Services" and checked through some of the non-default ones to make sure there wasnt anything dodgy going on there.
Free Windows Admin Tool Kit Click here and download it now
June 30th, 2012 9:33pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics