Announcement

Collapse
No announcement yet.

account lock out

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • account lock out

    Hello,
    The admin user gets locked out every so often. Cannot find any gpo that sets that behavior whatsoever. Looked everywhere in the domain and such gpo is applied.
    Any ideas?
    Thanks!

  • #2
    Re: account lock out

    Check the logs. Someone / something is attempting to login as the admin. Possibly a process, possibly webmail access.
    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: account lock out

      I did. nothing is showing up on the logs. Checked all services as well on all the servers.

      Comment


      • #4
        Re: account lock out

        Did you checked the security logging in the eventviewers?
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: account lock out

          Is this "The Administrator" (as opposed to any other Domain Admin)?
          If so, I thought it was the one account that is impossible to lock out

          What Server OS and domain functional level are you using?
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: account lock out

            You could give Lockoutstatus.exe a try.

            Cheers
            Caesar's cipher - 3

            ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

            SFX JNRS FC U6 MNGR

            Comment


            • #7
              Re: account lock out

              thx for the tool but I just don't understand where the lockout is coming from if there is no gpo applied whatsoever. checked everywhere!

              Comment


              • #8
                Re: account lock out

                Hopefully the tool might give you some answers. The GPO are not the only source of account lockout events.
                Caesar's cipher - 3

                ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                SFX JNRS FC U6 MNGR

                Comment


                • #9
                  Re: account lock out

                  You could perhaps look in to what you are actually audiing with regards to logon accounts. If it is a domain user account, you should be able to set auditing, so it gives the source name of the lockout and of the computer/service etc that is using the logon.

                  e.g. My DCs show log of when users have logged on and the name of the machine. If I need to investigate, I go to each DC to look. Once the source has been identified, should there have been a problem, I would then go to that PC etc.

                  Comment


                  • #10
                    Re: account lock out

                    I enabled auditing. Should anonymous logon be restricted?

                    Comment


                    • #11
                      Re: account lock out

                      Sometime anonymous logon is a service that is using that method. As long as the source is known, you probably will be ok.
                      Analyse your logs over the next couple of hours and see if sheds any mroe light.

                      Comment


                      • #12
                        Re: account lock out

                        I locked my account on purpose but don't see it in the logs. How come?

                        Comment


                        • #13
                          Re: account lock out

                          Originally posted by Ossian View Post
                          Is this "The Administrator" (as opposed to any other Domain Admin)?
                          If so, I thought it was the one account that is impossible to lock out

                          What Server OS and domain functional level are you using?
                          Can you just confirm the above Nemonat and then I will look at what setting you need. Is it 2k3 Domain?

                          Comment


                          • #14
                            Re: account lock out

                            thx Virtual. sorry for the delay. It is a windows 2003 domain.
                            I have a question. Is there a way to find out what process needs my credential information?

                            Comment


                            • #15
                              Re: account lock out

                              Originally posted by nemonat View Post
                              thx Virtual. sorry for the delay. It is a windows 2003 domain.
                              I have a question. Is there a way to find out what process needs my credential information?
                              You can look at the services and see what is under the 'Log on' tab. One of them may be using the account and may need the password resetting.

                              Comment

                              Working...
                              X