Solved

W2K Local accounts lock out

Posted on 2003-10-27
12
273 Views
Last Modified: 2010-05-18
We're a small engineering company and have several people who travel infrequently. Everyone is assigned a desktop PC and I have a pool of Loaner laptops for people travelling. My problem as of late is that all local accounts (3-5 of them) on the laptop will become locked out at the same time. The only way for me to unlock them is to have them ship the laptop or wait till they return and hook the laptop back to the network and have one of the Domain Admins or Helpdesk Staff (both are members of the Adminstrators group) unlock all local accounts.
They are generally only using one of the accounts and in some instances do not even know the names of additional local accounts to attemp to log-in so as not to expect the "Account Lockout Policy", although it is set to 3 unsuccesful log-in attempts on the domain side.
If you need more information let me know.
0
Comment
Question by:dtm301
  • 4
  • 4
  • 2
12 Comments
 
LVL 1

Expert Comment

by:mrochac
ID: 9628849
Maybe provide youre user with Local admin rights, or power users, i've had some many problems with that in the pass that we've decided to give all our Coporate users admin. rights, and other power users. It got to the point where this like that would happen and there was nothing we could do remotely, most of our systems now also has DAMEWARE installed which give us a little bit of flexcibility when problems like that happen and the users are on the road.

Resus.
0
 

Author Comment

by:dtm301
ID: 9629814
All local user accounts that are locking out are local admin accounts as well.
In addition users that do have laptops permanently assigned to them do not have this problem but their domain accounts are added to the local admin group on the laptops.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9632404
Open GPEDIT.MSC and do the following:

Computer Config > Windows Settings > Security Settings > Account Policies > Account Lockout and change the ACCOUNT LOCKOUT THRESHOLD
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 15

Expert Comment

by:Rob Stone
ID: 9632410
Computer Config > Windows Settings > Security Settings > Account Policies > Account Lockout and change the ACCOUNT LOCKOUT THRESHOLD to 0.

Sorry, pressed enter by mistake and missed the vital part off!
0
 

Author Comment

by:dtm301
ID: 9632927
That only changes the Local Setting, The effective setting will still only be 3 Invalid logon attempts as that is what is set through the GPO. These laptops are members of the Domain so they get all GPO settings, hence local settings are ineffective.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9633113
Can you not create a new OU for laptops then and change the GPO for them?

If they are on the road (not connected to network) then the local policy should work as it won't find the network gpo.
0
 

Author Comment

by:dtm301
ID: 9633210
I guess we are missing the point.
First all local accounts are being locked out regardless of them being used or not, in some instances accounts that have never even been logged into have been locked out.
Second, I have made attempts to change the account lockout policy to no avail. My question is, what would be locking out all Local Accounts regardless of their group membership?
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9633915
Sorry, not came across this before.

Maybe its worth trying a few things.

Try SFC /SCANNOW to check any Windows Protected Files haven't been overwritten.  Shot in the dark, but its worth a try on strange issues.

Upgrade the SP if not already on SP4

Run a AV scan if not already done so.

Setup Auditing to see if anything is trying to access the accounts.

Is there anything in the event viewer?
0
 
LVL 1

Accepted Solution

by:
mrochac earned 250 total points
ID: 9635695
Local groups only? Domain users as well? If everyone is getting locked out
it is usually a denial of service attack. Make sure that all machines are up
to date with critical updates and virus definitions and see the account
lockout whitepaper here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/maintain/operate/BPACTLCK.asp

Hope this helps,

Resus.
0
 

Author Comment

by:dtm301
ID: 9635807
These are just local accounts setup on the laptops, I do not have any problems with domain accounts. The local accounts are not assigned to any one specific group (administrators, Power User, Users). The laptops at times are not even connected to a network or via an ISP yet still lockout.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
With User Account Control (UAC) enabled in Windows 7, one needs to open an elevated Command Prompt in order to run scripts under administrative privileges. Although the elevated Command Prompt accomplishes the task, the question How to run as script…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question