?
Solved

Account Lockout

Posted on 2006-07-12
7
Medium Priority
?
672 Views
Last Modified: 2012-08-13
HI, AD2003

I recently changed the Admin password. and i know notice that badpassword attempts are happerning ever few seconds


I know which server is casuing the lockout due to event manager, but no idea how to find out whats causing it.
no MIS staff use this acocunt. no services are used with it, no scheduled tasks etc

how do you go about tracing the source thats locking the account out?

putthe password back to its old one and it stops logging bad passwords.  I do have trusts setup they dont hold passwod info (or do they?)

backup exec, and Symantec AV are also in use but no links to Admin password (that i know of)
0
Comment
Question by:mhamer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 3

Expert Comment

by:valrog
ID: 17090467
It does sound like you've got a service running using the Admin account.  Are you sure that you've checked all of them?  Also, make sure that the admin account isn't logged onto the desktop of the server causing the problem.
0
 
LVL 1

Expert Comment

by:neopro2
ID: 17091163
I guess you used this local admin account to install Symantic AV.
I use Sophos which actually asked during setup which local admin account to use. I should have converted it to a domain account but decided to leave it local.
The service is not running as that user but authenticating in behalf of a computer account for there access to the service.

You can increase event logons from gpedit.msc
computer config/windows settings/local policies/Audit policies:

this may assist in resolving
0
 

Author Comment

by:mhamer
ID: 17091586
Valrog  only two services use domain account neither are the one in question
they log out any one not active after 30 mins,   but yes checked and not logged on

Neopro2.


auditing is already on :-(
no local accounts as such on DC's it would have been intalled under this account, but i would have thought that as long as the user name has a working password that should not matter?

The service is not running as that user but authenticating in behalf of a computer account for there access to the service

dont follow
0
 
LVL 1

Expert Comment

by:neopro2
ID: 17092021
My antivirus Manager runs the service "local System"
But it was configured as a local admin account to allow connections from workstations in the domain.
eg:
the workstation loads the pre msi install with a local user account access. This way the users who are not in the domain but are allowed network access can be managed from this account.

Now if the workstations who have installed this application this way with the username and password defined, and i change that password bad password and it will be locked out. I hope i explained that correctly. But this does not mean Symanitc has that option. just something as a possiblity.
0
 
LVL 23

Accepted Solution

by:
TheCleaner earned 2000 total points
ID: 17092918
You can troubleshoot this with the Account Lockout tools from MS:

http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en


Other simple things to check is the Scheduled Tasks, if any, and any backup jobs or other scheduled jobs that may be running.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question