[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 247
  • Last Modified:

One of our users has to have me change his password everyday

One of our users has to have me change his password everyday.  The account is not getting locked out but the password just does not seem to work.  After I reset it to the same password it works fine.  The password is set to never expire.
0
mkurtzhals
Asked:
mkurtzhals
  • 4
  • 4
1 Solution
 
vladhCommented:
could you give us more details please... is this an Active Directory user or a local user on a workstation? What's your environment? Is AD replication working Ok? Are there any apps/services running in that users' context that can potentially change users password? Spyware/hackers/viruses?
0
 
mkurtzhalsAuthor Commented:
It is a active directory user...I cannot think of any apps that could change it. Could it be a group policy issue since i set it to never expire and might be in a group that must chang passwords????  No viruses
0
 
vladhCommented:
may I suggest that you give that user another workstation to work on for a couple of days - then you will see if it is related to the users account in AD or the workstation he was working on... You may also want to take a packet trace of the traffic to and from the users workstation in question - this does sound like a spyware app of some sort trying to do nasty things behind your back.  You may want to download the latest hijackthis and/or AVG Anti-Spyware and give that workstation a thorough scan in a safe mode while disconnected from the network.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
mkurtzhalsAuthor Commented:
It is from any workstation....
0
 
vladhCommented:
any error messages in DC event logs (security) in regards to that users' login/logout events and general replication issues? I assume that all other users are fine?
0
 
mkurtzhalsAuthor Commented:
So I did some digging and found error on the dc.  Pre-authentication failed for that user error 675
Not sure why this keberos error is happening here and for no one else
0
 
vladhCommented:
here's a couple of links for you to check-out:
http://www.experts-exchange.com/Security/Win_Security/Q_20418480.html

http://www.ultimatewindowssecurity.com/Details.aspx?ID=117

in addition, please check replication and time sync. Is there a terminal services session stuck for that user somewhere?
If the problem is ONLY with this user and he/she doesn't have a lot of permissions on file systems/printers etc, it may be easier to delete and re-create the account. You may want to document the users permissions before removing his account and maybe even re-acl them after the account is re-created (unless it's easier to reassign by hand)

good luck
0
 
mkurtzhalsAuthor Commented:
I turned off pre auth and iwll test and then just recreate the account.  Just wanted to make sure that this wouldnt grow to a larger issue.

Thanks vladh
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now