Accounts getting locked out solution?

Discussion in 'MCSA' started by keith chilton, Jul 12, 2007.

  1. How can I work on fixing the problem for an account that keeps getting
    locked out in AD? I don't know why it's getting locked out and actually it
    would just be nice if the account was UNABLE to get locked out at all. There
    are no applied GPOs tied to the account when I do a GPRESULT therefore there
    are no password lockouts happening out (I don't think). It's on a Server 2003
    PC so like I said I would really like it if there were to prevent lockouts
    from ever happening again.

    Is there a way to force this? That would be great.

    keith chilton, Jul 12, 2007

  2. keith chilton

    John R Guest

    Account lockouts happen because thresholds set in the Account Lockout Policy
    have been exceeded. These settings apply to all users, and I don't believe
    they can be specified for any particular user. If this machine is part of a
    domain, then the account lockout policy is specified in the default domain
    policy gpo for the domain. If this machine is not part of a domain, then
    they are set on the individual machine (gpedit.msc). In the computer
    configuration node, expand 'Windows Settings', 'Security Settings', 'Account
    Policies', and then 'Account Lockout Policy'.

    For domain computers, I would set up auditing of both "logon events" and
    "account logon events", both success and failure, on the default domain
    controllers policy, and then watch the security event logs on each domain
    controller (because you don't know where it is coming from). For non-domain
    computers, just set it up for that computer and watch its security event
    log. This is specified in the Computer Configuration node, 'Windows
    Settings', 'Security Settings', 'Local Policies', 'Audit Policy'.

    In a domain environment, you can use the 'Log On To' settings on the Account
    Tab of the user object to limit what computers the account is allowed to log
    on to. This might help slow down any would be attempts at security

    John R
    John R, Jul 12, 2007

  3. I've got this problem in two situations, especially when internet service is
    available within the organization.
    1. A program is installed on the user machine; this program needs to access
    a network resource, for example the Internet, with an old password.
    THUS TRY to uninstall any unuseful programs just for eliminating this.
    2. Just after I unlock the user account that is located in a different site
    (I mean he is authenticated by another domain controller), the user is happy
    and goes directly to the internet; there the user enters an authentication
    failure process between ISA server and domain controllers; consequently
    the account locks again.
    THUS TRY to ask the user not to access the internet for a while.

    system administrator
    SH/BP/Statoil Joint venture
    Algeria operations.
    benzida badreddine (yahoo account), Sep 10, 2007
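
The log review John R describes, applied to the stale-password cause from the last post, as an added example that is not part of the original thread: Python that merges Security-log rows exported from every domain controller and, for each lockout, counts the failed logons that preceded it by source machine. The CSV layout and the account and host names are constructed assumptions; event IDs 529, 675 and 644 are the Server 2003 failure and lockout events (4625, 4771 and 4740 on Server 2008 and later).

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Server 2003 IDs first, then the Server 2008+ equivalents.
FAILURE_IDS = {"529", "675", "4625", "4771"}  # bad password / Kerberos pre-auth failed
LOCKOUT_IDS = {"644", "4740"}                 # account locked out

# Constructed sample: rows exported from the Security logs of two DCs and merged.
# "source" is the workstation name or client address recorded in the event.
SAMPLE = """time,dc,event_id,account,source
2007-07-12 09:00:05,DC1,675,jsmith,PROXY01
2007-07-12 09:00:35,DC2,675,jsmith,PROXY01
2007-07-12 09:01:05,DC1,675,jsmith,PROXY01
2007-07-12 09:01:20,DC1,529,jsmith,WKS-042
2007-07-12 09:01:35,DC2,675,jsmith,PROXY01
2007-07-12 09:01:36,DC2,644,jsmith,PROXY01
2007-07-12 09:05:00,DC1,529,akhan,WKS-007
"""

def lockout_sources(csv_text, window_minutes=30):
    """Map each locked-out account to [(source, failures), ...], busiest first."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    for r in rows:
        r["when"] = datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S")
    hits = {}
    for lock in rows:
        if lock["event_id"] not in LOCKOUT_IDS:
            continue
        acct = lock["account"].lower()
        start = lock["when"] - timedelta(minutes=window_minutes)
        found = hits.setdefault(acct, set())
        for i, r in enumerate(rows):
            if (r["event_id"] in FAILURE_IDS and r["account"].lower() == acct
                    and start <= r["when"] <= lock["when"]):
                found.add(i)  # a set, so overlapping windows count a failure once
    return {a: Counter(rows[i]["source"] for i in sorted(idx)).most_common()
            for a, idx in hits.items()}

if __name__ == "__main__":
    for account, sources in lockout_sources(SAMPLE).items():
        print(account, sources)
```

A single source producing most of the failures at regular intervals points to a service or program replaying an old password rather than a person mistyping one.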