Windows 2000 Account Lockout?

cj92713696

Programmer
Nov 23, 2000
105
US
Windows 2000 Account Lockout:

I set up Windows 2000 security a long time ago to lock out user accounts after 15 unsuccessful login attempts. One of my in-house users is experiencing constant lockouts, every day after lunch, and I have to manually uncheck acct. lockout via Active Directory every day! I know it is inadvisable considering I do not know the source of the problem, but can somebody out there inform me of the procedure to remove this security feature altogether? I no longer want to use acct. lockout features.

Thanks,
CJ
 
Depending on whether this is configured at domain level or on a local machine, go to Administrative Tools|Domain Security Policy or Local Security Policy respectively. The setting is under Account Policies|Account Lockout Policies.
 
I used to have this problem in an NT domain. From what I could ascertain from MS, the SID is corrupted, and it causes symptoms like this. I used to delete the accounts in question and recreate which solved the problem. Dunno if it will work in 2k tho'.
 
I'm a little confused.

We only have two domain controllers in our Windows 2000 (native mode) network and the settings for

Account Policies|Account Lockout Policies

are set to off. To do this, I set "Account lockout threshold" to 0.

I just checked this value in 3 places:
1.) domain security policy
2.) local security policy on both domain controllers
3.) domain controller security policy

Is there something else I have to do after I set this value to 0 that perhaps I've forgotten to do?

Thanks,
CJ
 
Most times, I find that it's another computer or a scheduled task with the wrong password that causes these issues.

It almost sounds like there is a task running at lunch time with that user's name and old password. The task fails and it will retry.. eventually, the account will be locked out.

The other option is that he is logged on another computer and he has recently changed passwords. The other computer will try to renew the security with the old password and it will eventually lock him out.

Check your security logs for computers that are failing security and inside you will have the username. Then you can match the computer and go log off the user.

Or, it could be an entirely different issue and this post will not help you.. hehe.. I've seen worse cases.



"In space, nobody can hear you click..."
 
Perhaps the security policy is not enforced yet...
Is the effective setting the correct one?
Try running "secedit /refreshpolicy machine_policy" after changing your policy.
But what ReddLefty says is very valid though... perhaps a service configured with incorrect credentials?
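
The security-log check ReddLefty suggests above, sketched as an added example that is not part of any poster's reply: it tallies one account's failed logons by source machine and by hour of day. The four-column CSV layout, the account and machine names and the sample rows are constructed assumptions; 529, 675, 681 and 644 are the Windows 2000 Security log event IDs for logon failures and account lockout.

```python
import csv
import io
from collections import Counter

# Windows 2000 Security log event IDs (pre-Vista numbering).
FAILED_LOGON = {"529", "675", "681"}  # bad password, Kerberos pre-auth, NTLM failure
LOCKED_OUT = "644"                    # user account locked out

# Constructed sample rows: time, event ID, account, source machine.
SAMPLE = """\
2003-05-12 08:02:11,529,jsmith,WS-014
2003-05-12 08:02:20,528,jsmith,WS-014
2003-05-12 09:15:40,529,mbrown,WS-022
2003-05-12 13:01:03,529,jsmith,LAB-PC7
2003-05-12 13:01:33,529,jsmith,LAB-PC7
2003-05-12 13:02:03,681,jsmith,LAB-PC7
2003-05-12 13:02:33,529,jsmith,lab-pc7
2003-05-12 13:03:03,644,jsmith,LAB-PC7
"""


def lockout_sources(export_text, user):
    """Tally one account's failed logons by source machine and by hour.

    Returns (per_host, per_hour, lock_callers); lock_callers lists the
    machines named in the account's 644 lockout events.
    """
    per_host, per_hour, lock_callers = Counter(), Counter(), []
    for row in csv.reader(io.StringIO(export_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, event_id, account, host = (field.strip() for field in row)
        if account.lower() != user.lower():
            continue
        if event_id in FAILED_LOGON:
            per_host[host.upper()] += 1   # machine names are case-insensitive
            per_hour[ts[11:13]] += 1      # hour of day, e.g. "13"
        elif event_id == LOCKED_OUT:
            lock_callers.append(host.upper())
    return per_host, per_hour, lock_callers


if __name__ == "__main__":
    hosts, hours, callers = lockout_sources(SAMPLE, "jsmith")
    print("failures by machine:", hosts.most_common())
    print("failures by hour:", sorted(hours.items()))
    print("lockout reported from:", callers)
```

A machine that dominates the tally at the hour the lockouts occur is the place to look for the stale session or scheduled task.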
 
Invalid SID is the cause here. If you continue to have this problem, remove and re-add the computer account.
 