Solved

User Accounts are locked sometimes

Posted on 2004-09-29
7
447 Views
Last Modified: 2012-06-27
Hi experts,
i have a problem with user accounts in my domain. They are locked sometimes without typing in the wrong password.
Password policies are set right (after 3 times....locked...).
It always are the same accounts, which gets locked. The same problem is with the service accounts in my domain, which are unused or inactive.
Event IDs: 40961, 40960 (LSASRV)

What could be the problem???

thanks in advance
mero + fypos
0
Comment
Question by:merowinger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 12177930
99 times out of 100 this is caused by someone else trying to log onto that account with THEIR password, cause they cant get their head around the fact that they need to change the username :)

you need to turn on audinting of logon events to make sure that there are unsuccessfull login attempts for these accounts before you worry about a glitch in policy etc, if you are recieving multiple failed login attempts for these accounts then is probably

a user with the IQ of a haddock trying to login as that user with theri own password
a service starting up on a PC or server that runs under that account and has the wrong/old password

if you are not recieving failed logon events then we need to investigate further
0
 
LVL 23

Accepted Solution

by:
Danny Child earned 500 total points
ID: 12178483
you should also check users who map drives to other locations with passwords, and then forgetting about them.

The main hassle is that you need to find which DC is triggering the lockout.  Each one will keep the entries in it's *own* security log, once you've turned on the auditing.

Also check for scheduled tasks which may have been set up with these accounts under the old passwords.  

servicepacking is another sensible thing to do...

for the service account lockouts, some suggestions here:
http://www.eventid.net/display.asp?eventid=40961&eventno=1398&source=LsaSrv&phase=1
and
http://www.eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1

0
 
LVL 23

Expert Comment

by:rhandels
ID: 12178543
@Pete

>99 times out of 100 this is caused by someone else trying to log onto that account with THEIR password, cause they cant get their head around the fact that they need to change the username :)<<

So i'm not the only one that think some users are complete lonatics??? LOL

I do agree with Pete by the way, this has to do with account "bashing" by very good compu users... ;) Small extra fact, this can be set up using Group Policy on the doamin, so i would also check your account lock-out policy..
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 6

Expert Comment

by:Scott_Willcocks
ID: 12178728
Also lets not forget the old password protected screensavers.

User has one and then types in the password wrong three times and locks there pc out.

If I had 1p or 1 cent for everytime someones locked out there account by incorrectly typing the wrong password on the the screensaver I'd retire.

Give the users etch a sketches instead. And tell them to shake it if it goes wrong :)


But basically if it's only a few users and not everyone then it's the Users being a complete plank.
Remember
computers =  Good
Users = Idiots

and they should all be treated like little children with no knowlege.

It's the user
it's the user

take there computer away now and cut your support costs down.
0
 
LVL 5

Expert Comment

by:jmacmicking
ID: 12179875
One thing to be careful of; Windows has a known problem when a single account is logged on to multiple sessions/machines and the password for the account is changed.  If any of those sessions has network drives Windows will eventually lock the account out by repeatedly attempting to contact the network drive with the old password.  This is done even if you don't have the drive open (apparently Windows periodically checks the connection to the drive, causing the problem).  It won't happen immediately but usually doesn't take long.  This can happen if any of your service accounts use network drives or even if they belong to a group that would recieve network drives through a login script.  When you change a password on a service account you should at least stop and start any services that use the account.  Ideally you should reboot all the servers that use the account.

BTW--Last I checked the screen saver should not lock your account; it's been a bit of security hole for quite some time.  The screen saver only checks against the password you logged in with.  It doesn't contact the DC to check the password so the account doesn't get locked.  It's possible MS changed this behaviour though.
0
 
LVL 23

Expert Comment

by:Danny Child
ID: 12185543
the "account bashing" and screen saver theories are all well and good, but don't explain the service accounts getting locked out....
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12187340
Indeed Dan, but your suggestion of the services makes the advice complete.. So if we all help eachother, we would be getting somewhere ;) So why don't we all just take away the comps from our users as Scott suggested, my life would be better anyways, knowing my network would be working perfectly...

It's like someone said...

"My network would run perfectly if it wasn't for them damn users"

LOL
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question