Accounts constantly locking out

William Hymen

I have a two-node Active Directory domain, which I use for change control.
On these, I have created 400 shares and 200 IDs for dropping-off;
promoting; and picking-up software.
I create user IDs and permission the ID to the share and the folder.
The developers drop off the code; and the installers pick it up
during our green-zone. It has worked well for 5 years... almost!

My users are constantly locking their IDs out; which I then have to
endlessly connect with telnet and "net user JoeSmith /active:yes"
to restore the account. No amount of training seems to help,
and they always seem to map-network-drive and lock themselves out again.

How can I increase the number of failed NetBIOS connections before
lockouts? Or better yet, why does this happen so much?

Thanks in advance-

Bill
 
Steven L Umbach

You can increase the account lockout threshold in "Domain Security Policy"
where it should be no less than ten bad attempts assuming you are not
allowing weak passwords. Other than fumble fingers, common causes of lockouts
are users being logged onto multiple computers, using mapped drives with
persistent connections, and having a user account used for a service or
Scheduled Task and not changing those passwords also. Open Domain Security
Policy and go to Security Settings / Account Policies / Account Lockout Policy
and set the account lockout threshold to at least ten. The link below may
help if the problem persists, with the associated tools and referenced white
paper. --- Steve

http://www.microsoft.com/downloads/...9C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
 
Vasu

Dear William,

Strange things are happening on our domain controller.

Accounts are automatically getting locked out and client response time is
very, very slow. All of this has been happening for the past 2 days.

We have Win2K with SP4.0 and we have automatic updates set to on.

Could you please let us know how to overcome the automatic account lockout
problem?

Thanks in advance

Regards
Vasu
 
William Hymen

Vasu,

Please try the suggestion posted by Steven L Umbach
(above)

Good luck,
Bill
 
William Hymen

Thanks Steve,

question #1 -
In reference to your download link for ALTools.exe, do you know of any
command-line tools to help me remotely manage share and user permissions?
I would love to be able to add/delete/update users to shares and folders
with a (telnet) command-line tool rather than terminal services and GUI.

Thanks in advance!

Bill

question #2 - is this the root of your searches?

??
http://www.microsoft.com/downloads/search.aspx?displaylang=en&categoryid=12
??
 
Guest

|Thanks Steve,
|
|question #1 -
|In reference to your download link for ALTools.exe, do you know of any
|command-line tools
|to help me remotely manage share and user permissions? I would
|love to be able to add/delete/update users to shares and folders with a
|(telnet) command-line tool rather than terminal services and GUI.
|

The NT Resource Kit has a command-line program named RMTSHARE which allows you
to display/create/change/delete/set permissions on shares on a remote
computer.
You can download it here:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/i386/RMTSHAR.EXE

|Thanks in advance!
|
|Bill
|
|question #2 - is this the root of your searches?
|
|??
|http://www.microsoft.com/downloads/search.aspx?displaylang=en&categoryid=12
|??
|
|
|> You can increase the account lockout threshold in "Domain Security Policy"
|> where it should be no less than ten bad attempts assuming you are not
|> allowing weak passwords. Other than fumble fingers common causes of lockouts
|> are users being logged onto multiple computers, using mapped drives with
|> persistent connections, and having user account used for service or
|> Scheduled Task and not changing those passwords also. Open Domain Security
|> Policy and go to security settings/ account policies/account lockout policy
|> and set the account lockout threshold to at least ten. The link below may
|> help if the problem persists with the associated tools and referenced white
|> paper.. --- Steve
|>
|> http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
 
Steven L Umbach

As the other poster mentions, you can use RMTSHARE to manage share
permissions from the command line and you can use cacls [built in] or xcacls
to manage folder permissions. I don't know if this will be of use to you but
the free psexec tool from SysInternals allows you to work with the command
prompts of remote computers as long as you have admin permissions and file
and print sharing [port 139/445] connection to the remote computer. I did
not do a search from any particular point but had that link bookmarked. I
usually do my searches from Google and from search Microsoft.com. --- Steve

http://www.sysinternals.com/ntw2k/freeware/psexec.shtml
http://search.microsoft.com/search/search.aspx?st=a&View=en-us -- search Microsoft.com
 
Ed Siff

This sounds very much like a hacker break-in attempt, given the sluggishness.
Check your security logs for event ID 529 (Unknown user name or bad password).

Ed
 
Olaf Engelke [MVP]

Hi,
Vasu said:
Strange things are happening in our domain Controller.
Accounts are automatically getting locked out and clients response
time is very very slow... all these are happening from past 2 days.

I have seen this recently caused by a virus, which attempts brute force
attacks with a list of passwords to various domains.
There are two things you should try:
1. Get the source workstation(s) of the failed logon attempts from the
network and make a clean install (at least Trend Micro was not able to
catch that virus one week ago).
2. Disable anonymous account enumerations by setting the value to 1 (if the
source is not in your range and not a domain member, this reduces the attack
interface to well-known accounts):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]
Value Name: RestrictAnonymous
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = allowed, 1 = restricted, 2 = require anonymous permissions)

3. Filter out the source IP addresses (maybe use network monitor to see,
where the attacks are coming from).

Best greetings from Germany
Olaf.
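
Added example (not from any poster in this thread): a triage script for the event ID 529 check and the "find the source workstation" step suggested above, which also separates the benign causes Steve lists (mapped drives, services, scheduled tasks) by logon type. The one-line log layout, the account and host names, and the `spray_accounts` threshold are constructed assumptions; the field labels follow the event 529 description text.

```python
import re
from collections import defaultdict

# Constructed sample: event 529 records flattened to one line each
# (the export layout and all names below are assumptions).
SAMPLE = """\
529 User Name: jsmith Domain: CHGCTL Logon Type: 3 Workstation Name: DEV-PC07
529 User Name: jsmith Domain: CHGCTL Logon Type: 3 Workstation Name: DEV-PC07
529 User Name: jsmith Domain: CHGCTL Logon Type: 3 Workstation Name: DEV-PC07
529 User Name: svc_build Domain: CHGCTL Logon Type: 5 Workstation Name: BUILD01
529 User Name: administrator Domain: CHGCTL Logon Type: 3 Workstation Name: WS-114
529 User Name: admin Domain: CHGCTL Logon Type: 3 Workstation Name: WS-114
529 User Name: backup Domain: CHGCTL Logon Type: 3 Workstation Name: WS-114
529 User Name: guest Domain: CHGCTL Logon Type: 3 Workstation Name: WS-114
528 User Name: jsmith Domain: CHGCTL Logon Type: 2 Workstation Name: DEV-PC07
"""

FIELDS = re.compile(
    r"^529\s+User Name:\s*(?P<user>\S+)\s+Domain:\s*\S+\s+"
    r"Logon Type:\s*(?P<ltype>\d+)\s+.*Workstation Name:\s*(?P<ws>\S+)")

# Windows logon types relevant to the lockout causes named in the thread.
LOGON_TYPES = {2: "interactive", 3: "network (e.g. mapped drive)",
               4: "batch (scheduled task)", 5: "service"}

def summarize(text, spray_accounts=3):
    """Group failed logons by source workstation and suggest a likely cause."""
    per_ws = defaultdict(lambda: defaultdict(int))  # ws -> (user, type) -> count
    for line in text.splitlines():
        m = FIELDS.match(line.strip())
        if not m:
            continue  # not a 529 record (e.g. 528 = successful logon)
        per_ws[m["ws"].upper()][(m["user"].lower(), int(m["ltype"]))] += 1
    report = {}
    for ws, hits in per_ws.items():
        users = sorted({u for u, _ in hits})
        if len(users) >= spray_accounts:
            # Many different account names failing from one machine.
            verdict = "many accounts from one source: investigate host"
        else:
            (user, ltype), _ = max(hits.items(), key=lambda kv: kv[1])
            kind = LOGON_TYPES.get(ltype, "type %d" % ltype)
            verdict = "stale credential? %s via %s" % (user, kind)
        report[ws] = {"failures": sum(hits.values()),
                      "accounts": users, "verdict": verdict}
    return report

if __name__ == "__main__":
    for ws, info in sorted(summarize(SAMPLE).items()):
        print(ws, info["failures"], info["verdict"])
```
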
 
