Announcement

Collapse
No announcement yet.

how to activate Account lockedout option

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • how to activate Account lockedout option

    Hi,

    I wonder if anyone here might be able to help me again.

    I have a question on the account lockout issue. Today, i got a user whose account was locked out. So i went to Server Management, right click on the user, properties, under Account tab, the "Account is locked out" option is greyed out. I couldn't do anything from this point. Is there anything i should do to make it active or?

    Thank you in advance

  • #2
    Re: how to activate Account lockedout option

    Originally posted by associates
    the "Account is locked out" option is greyed out.
    But is it checked or unchecked?
    When unchecked then it is normal that option is greyed out.
    How many DC's do you have?
    - EDIT -
    sorry it is Windows SBS so there is only one DC,

    Check the security log on that server about 'account lockouts'.


    \Rem
    Last edited by Rems; 5th March 2007, 10:49.

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts

    Comment


    • #3
      Re: how to activate Account lockedout option

      Originally posted by Rems View Post
      EDIT -
      sorry it is Windows SBS so there is only one DC.


      \Rem
      NOOOOOOO! WRONG!
      Popular misconception! You can have as many as 75 DC's in an SBS network (only because you need a license for each one and you are limited to 75 licenses).
      TIA

      Steven Teiger [SBS-MVP(2003-2009)]
      http://www.wintra.co.il/
      sigpic
      Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

      We donít stop playing because we grow old, we grow old because we stop playing.

      Comment


      • #4
        Re: how to activate Account lockedout option

        Originally posted by teiger
        NOOOOOOO! WRONG!
        Popular misconception! You can have as many as 75 DC's in an SBS network (only because you need a license for each one and you are limited to 75 licenses).
        tnx!
        In that case the problem can be related w/ Replication delay between DC's. Then do check the security log in the eventviewer on every DC.
        Findout where the account locked-out is logged.

        \Rem

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment


        • #5
          Re: how to activate Account lockedout option

          Thank you for your replies, Teiger and Rems.

          I checked this morning on the security log but couldn't find anything related to "account locked out" events.

          DC? is that Domain Client or ? sorry not familiar with this short abbreviation.

          No, it was unchecked so it's normal that the option is greyed out. So why was it locked out? I mean as administrator, i should be able to take control of it.

          I need to know how this account lockout works. Should the option be activated when an account is locked out hence administrator can uncheck it so that the account will no longer be locked. Is this right?

          I'm afraid i have another question to ask. When i was looking up the account lock out event under security log, i found this "Failure Audit".
          Description:
          Logon Failure
          Reason: Unknown user name or bad password
          Event ID: 529
          Logon Process: NtLmSsp

          My question is whether i should ignore this error. How do i go about fixing this error?

          Thank you in advance

          Comment


          • #6
            Re: how to activate Account lockedout option

            I'm sensing a certain lack of knowledge with Windows here...? Would you like to tell us where you're "at" training and experience wise?

            Anyway - Account lockouts. When the account is NOT LOCKED, the "locked out" check box is not checked, and it is greyed out. You cannot select "Locked Out". When the incorrect password is entered by a user x times (x is the lockout threshold set in policy) the account is automatically locked out to prevent further login attempts, and the "locked out" check box becomes enabled and TICKED. To unlock the account, you untick it and click "OK" on the dialog box.

            DC=Domain Controller. This is the computer (there may be more than one) that keeps track of domain-wide user accounts, passwords, and LOCKOUTS.

            The error you saw in the event log isn't an error you need to fix; it's simply a user account entering an incorrect password during the login process.

            Regarding your original problem, it sounds like the user's assertion that their account was "locked out" was incorrect. Get the exact error message that was displayed to them when they tried to log in. Either that, or your organisation has set a time limit for lockouts; they would then become unlocked at the end of the timeout.

            Last little thing; I don't know about SBS because I never ran it - but in Windows Server 2003 to access and manage user accounts we don't run "Server Management"? We run "Active Directory Users and Computers". Is this an SBS thing?
            Last edited by Stonelaughter; 6th March 2007, 00:20.


            Tom
            For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

            Anything you say will be misquoted and used against you

            Comment


            • #7
              Re: how to activate Account lockedout option

              Originally posted by teiger View Post
              NOOOOOOO! WRONG!
              Popular misconception! You can have as many as 75 DC's in an SBS network (only because you need a license for each one and you are limited to 75 licenses).
              75 DCs and hundreds to thousands of cals for which you pay through the nose - SBS cals aren't cheap!
              I know, I know, you get more than a Windows 2003 license />
              Last edited by ahinson; 6th March 2007, 04:45.
              Andrew

              ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

              Comment


              • #8
                Re: how to activate Account lockedout option

                Thank you Tom for your help.

                Yes, i suppose your sense's right about my knowledge of windows SBS 2003. I didn't take up any courses but just rely on the textbook. All i know about the SBS is just the basic ones that're needed on a daily basis. So when the unexpected events crop up, i just consult the book or come to this forum.

                Thank you anyway for your help. I got a direct explanation from you. However, one thing i like to check with you is that the reason for the option "account locked out" is disabled or grey out is due to a time limit set for lockouts. Once that time limit is expired, the option would be enabled again to let us untick it. Is that right?

                Thank you for your help in advance

                Comment


                • #9
                  Re: how to activate Account lockedout option

                  Nooo - that's not what I meant.

                  There's a setting in Policy which allows accounts to unlock themselves after a set period. Once the occount is no longer locked, the option to unlock it is once again ghosted out. While the account is locked, the option is available and enabled - in other words I believe that either (a) the user was wrong; their account was not locked, or (b) it had already unlocked itself before you got to it.


                  Tom
                  For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                  Anything you say will be misquoted and used against you

                  Comment


                  • #10
                    Re: how to activate Account lockedout option

                    Originally posted by Stonelaughter View Post
                    ...There's a setting in Policy which allows accounts to unlock themselves after a set period...
                    GPO is...
                    Computer Config->Windows Settings->Security Settings->Account Lockout Policy->Account Lockout Duration [Default: Not Defined]
                    Last edited by ahinson; 6th March 2007, 22:41.
                    Andrew

                    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                    Comment


                    • #11
                      Re: how to activate Account lockedout option

                      Originally posted by ahinson View Post
                      75 DCs and hundreds to thousands of cals for which you pay through the nose - SBS cals aren't cheap!
                      I know, I know, you get more than a Windows 2003 license />
                      No there is still a maximum of 75 licenses in SBS with a max retail cost of $99 giving ~$7500 total. Wanna price SQL licenses for that number of clients?
                      TIA

                      Steven Teiger [SBS-MVP(2003-2009)]
                      http://www.wintra.co.il/
                      sigpic
                      Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                      We donít stop playing because we grow old, we grow old because we stop playing.

                      Comment


                      • #12
                        Re: how to activate Account lockedout option

                        Originally posted by teiger View Post
                        No there is still a maximum of 75 licenses in SBS with a max retail cost of $99 giving ~$7500 total. Wanna price SQL licenses for that number of clients?
                        Okay, thanks for the reeducation, SBS is limited to a total of 75 licenses. I do recall reading that but forgot.

                        Anyway...

                        My point was this. With SBS, the initial cost is low but adding additional cals scales very poorly, based on what I've seen when building new machines. Based on OEM pricing, SBS cals are [$89.80] vs [$33.80] each. If you need 10 licenses, SBS is $20 less to buy [$948] vs Win2003 Standard [$968]. Assuming you don't want or care about Exchange its more cost effective in the long run to go non SBS if there's the slightest potential that there might be a need for that 11th cal.

                        Don't get me wrong, SBS does have its purposes, and like you said - comparing the licenses for premium against stand-alone pricing, well there's no comparison its cheaper.
                        Last edited by ahinson; 10th March 2007, 08:31.
                        Andrew

                        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                        Comment


                        • #13
                          Re: how to activate Account lockedout option

                          Sorry, Not using Exchange is not on my radar!, so in your scenario you are correct.
                          TIA

                          Steven Teiger [SBS-MVP(2003-2009)]
                          http://www.wintra.co.il/
                          sigpic
                          Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                          We donít stop playing because we grow old, we grow old because we stop playing.

                          Comment

                          Working...
                          X