Has anybody seen the an instance where all user and admin accounts in an active directory domain have been locked out. We suspect hacking or bulk password cracking. Or could it be a glitch in active directory? All servers had sp3 will all updates applied. Now have sp4 with all updates.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
User Accounts Locked out
- Thread starter koopie
- Start date
skymut
MIS
- May 7, 2002
- 36
- 0
- 0
I ran into this last year and posted with not much response. The problem just seemed to stop.
We have run into this problem again, TODAY. All 450 + accounts have been getting locked out every 15 to 20 minutes after unlocking. As the day has drawn to a close, and workstations are being shut down for the evening - it's not happening anymore. We are starting to wonder if there is a workstation that is causing a problem/infected/hacked/something.
I have been scrounging for info/documentation or something to find out what is causing it - with no luck.
Have you had any success? Please let me know.
If we have this problem tomorrow, our plan is to do a little packet capturing. Followed by shutting down all workstations in the district. Then bring them back up, campus by campus until the problem reappears. Then we will have it narrowed to a campus - assuming it is a workstation that is causing the trouble.
'If at first you don't succeed, then skydiving isn't for you.'
We have run into this problem again, TODAY. All 450 + accounts have been getting locked out every 15 to 20 minutes after unlocking. As the day has drawn to a close, and workstations are being shut down for the evening - it's not happening anymore. We are starting to wonder if there is a workstation that is causing a problem/infected/hacked/something.
I have been scrounging for info/documentation or something to find out what is causing it - with no luck.
Have you had any success? Please let me know.
If we have this problem tomorrow, our plan is to do a little packet capturing. Followed by shutting down all workstations in the district. Then bring them back up, campus by campus until the problem reappears. Then we will have it narrowed to a campus - assuming it is a workstation that is causing the trouble.
'If at first you don't succeed, then skydiving isn't for you.'
skymut
MIS
- May 7, 2002
- 36
- 0
- 0
Good news, we're about 75% certain that we have found the cause, at least on our network. New version of an old virus:
Just today, Mcafee elevated it from Low to Medium risk.
We have a corporate virus scan on most desktops in our district - we pushed dat updates today. However, in our logon script, we're pushing out a virus scanner called 'Stinger' - which is a free download from Mcafee.
It's a place to start. Good luck.
'If at first you don't succeed, then skydiving isn't for you.'
Just today, Mcafee elevated it from Low to Medium risk.
We have a corporate virus scan on most desktops in our district - we pushed dat updates today. However, in our logon script, we're pushing out a virus scanner called 'Stinger' - which is a free download from Mcafee.
It's a place to start. Good luck.
'If at first you don't succeed, then skydiving isn't for you.'
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question