Account Lockout

Diane Walker

We are running Windows 2000 Active Directory and Windows XP. For some
reason, one of the accounts kept locking out every hour. Is there a way to
fix this problem? Thanks.
 
Mark Renoden [MSFT]

Hi Diane

There's some guidance at:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

You can get the tools from:

http://www.microsoft.com/downloads/...9C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

I'd typically use Lockoutstatus.exe to examine which DC(s) are getting hit
with bad password attempts for the account and then enable auditing and
examine the logs on those DCs. If the bad password attempts are occurring
quite frequently or on a regular interval, you're probably looking for a
process. You can use the audit logs to find which client(s) the bad
attempts are coming from and then implement alockout.dll to find the
offending process.

If the bad password attempts are not extremely frequent or not at a regular
interval, it's probably just a user typing the wrong thing in. Time to find
who that is and talk it over with them :)

You might want to review your policy also and align it with a recommendation
from the paper above.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Ryan Hanisco

Diane,

It should also be mentioned that frequent password lockouts can be the
signature of a virus or an intrusion.
These are usually not so careful and can rapidly go through a domain locking
out dozens or hundreds of accounts if you have not sufficiently locked down
your controllers.

I don't want to alarm you, but do be wary of that. Check your antivirus in
the background while you are looking for a service account with an unchanged
password.
--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services
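
The triage described in the two replies above (regular-interval failures point to a process, irregular ones to a user, one source failing against many accounts to a virus or intrusion) can be sketched over exported audit records. This is an added example, not part of the original posts or of Microsoft's lockout tools; the CSV layout, host and account names, and the 10% tolerance are assumptions.

```python
import csv, io, statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: failed-logon audit records exported from the DCs as CSV.
# Column names, hosts and accounts are made up for this example.
SAMPLE = """time,dc,account,client
2005-03-01 08:00:05,DC1,svc_backup,APPSRV01
2005-03-01 09:00:04,DC1,svc_backup,APPSRV01
2005-03-01 10:00:06,DC2,svc_backup,APPSRV01
2005-03-01 11:00:05,DC1,svc_backup,APPSRV01
2005-03-01 08:13:40,DC1,jsmith,WS-114
2005-03-01 08:14:02,DC1,jsmith,WS-114
2005-03-01 13:47:19,DC2,jsmith,WS-114
2005-03-01 02:10:01,DC2,adavis,WS-207
2005-03-01 02:10:02,DC2,bchen,WS-207
2005-03-01 02:10:03,DC2,cgomez,WS-207
2005-03-01 02:10:04,DC2,dlee,WS-207
"""

def load(text):
    rows = csv.DictReader(io.StringIO(text))
    return [(datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S"), r["dc"],
             r["account"], r["client"]) for r in rows]

def classify(events, account, tolerance=0.1):
    """Per client: 'process' if failures recur at a near-constant interval."""
    by_client = defaultdict(list)
    for t, _dc, acct, client in events:
        if acct == account:
            by_client[client].append(t)
    verdicts = {}
    for client, times in sorted(by_client.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(gaps) < 2:  # need at least three failures to judge regularity
            verdicts[client] = "too few events"
            continue
        median = statistics.median(gaps)
        regular = median > 0 and all(abs(g - median) <= tolerance * median for g in gaps)
        verdicts[client] = "process" if regular else "user"
    return verdicts

def multi_account_sources(events, min_accounts=3):
    """Clients whose failures span many distinct accounts (virus/intrusion pattern)."""
    seen = defaultdict(set)
    for _t, _dc, acct, client in events:
        seen[client].add(acct)
    return {c: sorted(a) for c, a in seen.items() if len(a) >= min_accounts}
```

A client flagged as "process" is the machine on which to look for the offending service or scheduled task; a client returned by `multi_account_sources` warrants a malware check before any password reset.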

 
Diane Walker

Thank you very much for your assistance.

 
Diane Walker

Thank you very much.

 
