Solved

I keep getting locked out!

Posted on 2004-04-21
12
995 Views
Last Modified: 2010-04-13
Surely some of you admins have seen this...anyone have an answer?

I'm in a W2k AD.
Seems like every time I change my password, I go through about 2 weeks of having it lock on me for no apparent reason.
I'll be navigating thru my servers and all of a sudden get the "attempt to compromise security" message, or simpy a message that my account is locked out.

I'm sure the reason is that somewhere among the 140+ servers I support, I locked the remote console instead of logging out (or at least partially sure).

a) any way around this
b) any way of determining if my account is logged on elsewhere?

TIA
0
Comment
Question by:sirbounty
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 7

Assisted Solution

by:magus123
magus123 earned 75 total points
Comment Utility
i am sure you caon probably do some auditing policy are something of that nature.
your delima represents a security issue , permission issue , request issue etc.
you should have a policy in place to track logon requests , user and group manamagment etc
forthe admin account

i would setup up a audit that tracks all deny logon requests for the network.

have you checked  AD to see if no one else has the same power as you

etc....
0
 
LVL 1

Assisted Solution

by:ninpokai
ninpokai earned 75 total points
Comment Utility
Not sure if this is the same problem as what I had.  For some reason after I changed my password i would, periodically, throughout the day get locked out.  I would have to get back in and unlock my account and then a couple of hours later I got locked out again.  I simply took my workstation back to a workgroup and rejoined the domain and it's been fine since...not sure why it worked or why it happened...let me know how it does.

Nin
0
 
LVL 67

Author Comment

by:sirbounty
Comment Utility
>magus123 - I think I'd have to set up this policy across the enterprise - wouldn't I?  Not something I'm prepared to do.
Also, it's not like I've tried logging in with the wrong password - I am logged on for an hour or more before the 'weirdness' kicks in...

>ninpokai - Hmm - almost sounded like this would be on the right track, but I've experienced this problem through about 4 rebuilds now (over a year or longer) - so I don't think that'd do it...If no other suggestions, I may still give it a shot though.. Thanx.
0
 
LVL 7

Expert Comment

by:magus123
Comment Utility
i would not use audting or tracking on  very large enterprise , as it would slow down traffic and
cause behaviors , its only ment for samller local intranets. i would wait for someone that has
more experience to post .

have looked on ms support for known lockout issues in AD
0
 
LVL 67

Author Comment

by:sirbounty
Comment Utility
Strange thing is - it's happening with both of my accounts.
I have an 'admin' account and a 'user' account.  I change the password on both at the same time, so they'll stay in synch.
I know I wouldn't have used my user account elsewhere...it's only used to get into my email - and I was in there fine and working when it locked on me... :(
0
 
LVL 1

Expert Comment

by:ninpokai
Comment Utility
have you logged out of the domain and back in...??? Just curious if you user profile is corrupted for some reason...
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 100 total points
Comment Utility
I actually saw this thread yesterday, and gave it some thought..  Nothing really came to mind so I thought I would just wait for a brilliant answer to your problem...  :)

This probably does not apply to your situation, but..

http://support.microsoft.com/?kbid=275508

What about using a 15 char password (if you are not already..)  Take the LM hash out of the mix..  You could even use a null char (a) to string it out..   Know I am grasping here, but what the heck..
0
 
LVL 67

Author Comment

by:sirbounty
Comment Utility
straws are okay with me - I'll check that option on Monday FE.
Yes, I've rebooted and logged out several times...seems to happen every time I've changed my password
0
 
LVL 67

Author Comment

by:sirbounty
Comment Utility
FE - it may be Thursday or the following Monday b4 I can test this...I've got a ton of server upgrades this week, so I'll be WAH...
I'll keep you posted though - thanx.
0
 
LVL 67

Author Comment

by:sirbounty
Comment Utility
Looks like, as suspected, I had locked a @# server console somewhere...a peer stumbled across it last night...
Thanx for the help though - I'm sure this will help someone. :D
0
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
With that many servers, I suspect it is not hard to do..!!!  Since I only maintain 5 servers, and I have done the same thing, I have no room to say a word..!!!    :)  

0
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
BTW:  thankQ SB...  Wish we could have helped more though..  :)
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A procedure for exporting installed hotfix details of remote computers using powershell
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now