Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Account lockouts

Status
Not open for further replies.
JBC

JBC

MIS
Aug 10, 1999
27
CA
I have noticed that throughout the last week there has been a lot of account lockouts on the network for users with little rights and administrators. I have a feeling that the accounts are being locked out because of some flaw and not a security breech. Is there anything that would cause this in a Nation wide WAN? Time Sync. maybe?<br>
<br>
Any help is greatly appreciated.<br>
John
 
Sort by date Sort by votes
Have seen this pattern when an audit or security department gets one of the scanning tools that has a guess pw option. Some of the scanning and/or security tools are very easy to use and misuse. Without realizing the implications of a brute force dictionary attack on an account domain, they go for and ... Such tools misused are powerful denial of service attack mechanisms.<br>
<br>
This is why one should never disable the buildin administrator accounts or emasculate it. Rather one should use passprop to protect this account from brute force attacks. See:<br>
<br>
 
Upvote 0 Downvote
I am having the same problem with spurious lockouts. They are from windows95 machines and seem to happen while the user is logged on. The system stops them accessing the Home$ directory and the user needs to relogon after we have unlocked the account in the User Manager for domains.<br>
<br>
Any thoughts or ways to monitor the problem to see what is happening. Much appreciated.
 
Upvote 0 Downvote
I have experienced a similar problem which may be related, but possibly more a once off. If users change desks regularly and are using roaming profiles then for some reason their local profile is written to the machine they are currently logged onto AND the machine they last logged onto. Use SMS to check which machines the username in question last logged onto. Delete all local profiles that are still being written to except for the current machine(check write date of ntuser.dat file on local machines).
 
Upvote 0 Downvote
Check how many times your user manager allows an user to enter an incorrect login or password, before it locks out the account. Also, check the time the lockout is set too. <p>Joe Gallo<br><a href=mailto:joe.gallo@gsiarch.com>joe.gallo@gsiarch.com</a><br><a href= > </a><br>
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
315
goombawaho
goombawaho
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
263
DrB0b
DrB0b
DTGMI
  • Locked
  • Question
Strange 2008 R2 AD login lockouts!
Replies
1
Views
58
DrB0b
DrB0b
Kiwica
  • Locked
  • Question
Locked out domain account
Replies
4
Views
94
Kiwica
Kiwica
goombawaho
  • Locked
  • Question
How to open Change user role for user accounts wizard
Replies
2
Views
83
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top