all accounts locked out


David C

Hello,

I am stuck with this problem (please visit
http://lists.insecure.org/lists/bugtraq/2001/Dec/0220.html, problem #1).

Here's a list with the configuration points I have in common with what is
described in the page linked above.

* My Windows XP Pro has 10 registered users with various privilege
levels
* Fast-user switching login interface is enabled
* Account locking feature enabled
* All accounts besides the 'Guest' one (used it to send this post)
are locked out and await an Administrator to unlock them.

Moreover, several accounts were disabled before the incident, including the
Administrator one. It's because the account comes from the same group.

What can I do since the only remaining account from the Administrator group
has now been locked?

Apparently this bug was acknowledged by MS in 2001.12 and still seems not to
have been solved through any patch yet released...


I really need some prompt help,
if someone knows any hint or procedures, post it.

Thanks in advance
David
 
Apparently this bug was acknowledged by MS in 2001

Can you post the link to the MS article stating that the bug was
acknowledged in 2001? ...it doesn't sound right.
 
According to the website the following text was part of the MS reply dating from 2001.12.12.



*******************************************************************

From: Microsoft Security Response Center [mailto:secure_at_microsoft.com]
Sent: Wednesday, December 12, 2001 10:54 PM
To: Tomasz Polus
Cc: Microsoft Security Response Center
Subject: RE: Fast User Switching blocks user accounts [cb]

[...] "Fast User Switching is a feature that's designed primarily for home users.
One thing that Fast User Switching does is to check local accounts for blank passwords to determine if a prompt should be provided for a particular user or not.
Users who have elected to maintain blank passwords are not shown the prompt for their account when they switch accounts. Because of this, if account lockouts are enabled in conjunction with Fast User Switching, it is possible for this feature to inadvertently lockout accounts.
If you want to enable the account lockout feature, it's recommended that you not use the Fast User Switching feature.
I hope this is helpful in clarifying what you are seeing.
Please let us know if you have any questions or concerns." [...]



*******************************************************************
 
That was resolved.
That did not lock the built-in Administrator account, which
cannot be locked out by normal means.
If your built-in Administrator account is locked out from
logging into the console of the machine, then you evidently
have been the target of some malicious software (note that the
built-in Administrator account may have been renamed).

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA