user accounts gets locked out
since changing passwords for the client users i have noticed tht some of my users gets locked out i unlock them in server(windows server 2003) i untick the place written "account is locked out" but after some time it ticks itself i checked all policies are fyn but i still get this problem of itself ticking account is locked out. i need assistance on this so guys please helppppppppp
July 26th, 2011 9:23am

This might be due to conficker virus on the network http://support.microsoft.com/kb/962007 http://blogs.technet.com/b/rhalbheer/archive/2009/01/13/additional-information-on-conficker-msrt-removing-conficker.aspx in addtion to it you may also use account lockout tools to know the exact reasom http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465http://www.virmansec.com/blogs/skhairuddin
Free Windows Admin Tool Kit Click here and download it now
July 26th, 2011 9:44am

since changing passwords for the client users i have noticed tht some of my users gets locked out i unlock them in server(windows server 2003) i untick the place written "account is locked out" but after some time it ticks itself i checked all policies are fyn but i still get this problem of itself ticking account is locked out. i need assistance on this so guys please helppppppppp the issue is most possibly caused by either a worm (see the other message from Rameez) or due to someone/something (e.g. a "bot" or "worm") trying to "bruteforce" such accounts To solve the issue you'll need to ensure that your network isn't exposing "unneeded" ports to the internet (for example the RDP port or the FTP one), to check your eventlog and track "logon failed" events, to see where they are coming from and also to ensure you're using a good password policy so that it will still be difficult for an attacker to "guess" one of your accounts passwords Notice that, in case the "bruteforce" comes from RDP connection attempts a quick and easy way to avoid such a kind of automated attacks is to change the RDP port from 3389 to a different one as described in the articles you'll find below; such a thing will NOT add security, but will at least help you avoiding automated attacks coming from bots/worms and targeting the standard RDP port (3389/tcp); the idea is the following: add the new listening port (e.g. 18951), check that it works by opening up the firewall for such a port (and creating a forwarding rule if needed) and trying to connect to the port using the regular RDP client; once you'll know it works, just disable the standard rule related to port 3389 and leave the alternate-port rule in place, from that moment on, to connect to your box using RDP you'll just need to use the alternate port you defined How to change/add an RDP port http://support.microsoft.com/kb/306759 http://support.microsoft.com/kb/187623 http://www.petri.co.il/add_a_new_rdp_listening_port_to_terminal_server.htm as for the presence of worms/bots/malware on your own network, I think you should ensure that all your systems are up to date with the latest Microsoft updates/servicepacks/hotfixes, also ensure to run the Microsoft Malware Removal tool and check that all your systems are running an antivirus and that it's updated; in a desperate case, you may want to pick this tool, install it on a system which you'll connect to a "monitor port" (so that it will be able to see all the traffic) and then check the logs/alerts to see if there's any kind of bot/malware running on your network and possibly identify the hosts and clean them up; for such a task, you may use this cleanup tool from Microsoft which will allow to boot the system from a boot-cd and perform a full scan/clean Notice that, having malware running on your network will not only cause YOU issues, but will also cause issues to other people, so, to protect yourself and the others, ensure to keep your network (and hosts) clean and to constantly monitor its health status Forgot (sorry) if you don't have a "grip" on the network you are administering, I suggest you to spend some time gathering as much informations as possible and trying to "map" it to exactly understand "how it is connected" and to "who"; a simple tool which may help you in such a task is this one, just run it from whatever box (as long as the box you'll pick is able to "see" the whole network) and you'll then be able to quickly gather some infos on your network topology, infos which may then allow you to further investigate
July 26th, 2011 10:08am

Hi, Please check whether there is a persistent network connection with an invalid password, if there is a service using a user account with an invalid password. To effectively troubleshoot account lockout issue, please refer to the following support article: Maintaining and Monitoring Account Lockout http://technet.microsoft.com/en-us/library/cc776964(WS.10).aspx For your information, after you set the auditing and logging, wait until account lockouts occur. When the account lockout occurs, retrieve both the Security event log and the System event log, as well as the Netlogon logs for all of the computers that are involved with the client's lockout. This includes the PDC emulator operations master, the authenticating domain controller, and the client computers that have user sessions for the locked-out user. If any trouble is encountered, please let us know. If any error is showed, you can paste the log here for research. Thanks. NinaPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
July 29th, 2011 4:35am

Hi, In addition, this can be due to a network drive trying to map with bad credentials. Cheers,http://blog.simaju.fr - Partage de connaissances et retour d'expriences.
July 29th, 2011 4:43am

Check logs in event viewer on your DCs. You will get the source computer. Once identified, go to the computer and check if there is applications / services running using these accounts with wrong passwords. Also, have a look to Paul's article: http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator
Free Windows Admin Tool Kit Click here and download it now
July 29th, 2011 7:14am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics