Accounts locked

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Couple of users (domain admin) are getting an account
lock out very frequently. One is getting the account
lock every morning, but after it is unlocked it last for
the whole day, but coming the next day the account is
locked again. Recently I applied the domain account
lockout policy and it is set to lock accounts after 3 bad
logons. Any suggestion?

Thanks,

Dechomai
3 answers Last reply
More about accounts locked
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    One case where I have seen this happening is where the user manually maps a
    drive to be persistent (reconnect at logon). Then the user changes his
    password (or is forced by the policy to do so). The mapped drive will try
    to reconnect with the credentials originally provided when the drive was
    mapped. Each mapped drive will cause a "hit" against the bad password
    count.

    There is a tool that is very useful in the diagnosis of this type of
    problem. The account lockout tool is available for download from microsoft
    (I don't have the URL).

    hope this helps.

    Bruce


    "dechomai" <anonymous@discussions.microsoft.com> wrote in message
    news:a0ac01c486e3$2b8bb1d0$a401280a@phx.gbl...
    > Couple of users (domain admin) are getting an account
    > lock out very frequently. One is getting the account
    > lock every morning, but after it is unlocked it last for
    > the whole day, but coming the next day the account is
    > locked again. Recently I applied the domain account
    > lockout policy and it is set to lock accounts after 3 bad
    > logons. Any suggestion?
    >
    > Thanks,
    >
    > Dechomai
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Set your account lockout threshold to at least ten as suggested by Microsoft if
    you are requiring your users to use complex passwords which will still protect
    you from brute force attacks.. In some situations one failed logon can generate
    multiple events to the counter on the domain controller and lock the user out.
    Common reasons for account lockouts are old user credentials used for a logon to
    another computer that was never logged off [including Terminal Servers] ,
    persistent mapped drives, Scheduled Tasks, used for service authentication, or
    stored/cached by an application requiring user credentials. The link below goes
    into more detail on what can cause account lockouts and how to track them
    own. --- Steve

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

    "dechomai" <anonymous@discussions.microsoft.com> wrote in message
    news:a0ac01c486e3$2b8bb1d0$a401280a@phx.gbl...
    > Couple of users (domain admin) are getting an account
    > lock out very frequently. One is getting the account
    > lock every morning, but after it is unlocked it last for
    > the whole day, but coming the next day the account is
    > locked again. Recently I applied the domain account
    > lockout policy and it is set to lock accounts after 3 bad
    > logons. Any suggestion?
    >
    > Thanks,
    >
    > Dechomai
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    On Fri, 20 Aug 2004 11:26:11 -0700, "dechomai"
    <anonymous@discussions.microsoft.com> wrote:

    >Couple of users (domain admin) are getting an account
    >lock out very frequently. One is getting the account
    >lock every morning, but after it is unlocked it last for
    >the whole day, but coming the next day the account is
    >locked again. Recently I applied the domain account
    >lockout policy and it is set to lock accounts after 3 bad
    >logons. Any suggestion?
    >
    >Thanks,
    >
    >Dechomai


    An scheduled task running in their account context?


    Jerold Schulman
    Windows: General MVP
    JSI, Inc.
    http://www.jsiinc.com
Ask a new question

Read More

Policy Domain Microsoft Windows