One of our users has to have me change his password everyday

One of our users has to have me change his password everyday.  The account is not getting locked out but the password just does not seem to work.  After I reset it to the same password it works fine.  The password is set to never expire.
LVL 2
mkurtzhalsAsked:
Who is Participating?
 
vladhCommented:
here's a couple of links for you to check-out:
http://www.experts-exchange.com/Security/Win_Security/Q_20418480.html

http://www.ultimatewindowssecurity.com/Details.aspx?ID=117

in addition, please check replication and time sync. Is there a terminal services session stuck for that user somewhere?
If the problem is ONLY with this user and he/she doesn't have a lot of permissions on file systems/printers etc, it may be easier to delete and re-create the account. You may want to document the users permissions before removing his account and maybe even re-acl them after the account is re-created (unless it's easier to reassign by hand)

good luck
0
 
vladhCommented:
could you give us more details please... is this an Active Directory user or a local user on a workstation? What's your environment? Is AD replication working Ok? Are there any apps/services running in that users' context that can potentially change users password? Spyware/hackers/viruses?
0
 
mkurtzhalsAuthor Commented:
It is a active directory user...I cannot think of any apps that could change it. Could it be a group policy issue since i set it to never expire and might be in a group that must chang passwords????  No viruses
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
vladhCommented:
may I suggest that you give that user another workstation to work on for a couple of days - then you will see if it is related to the users account in AD or the workstation he was working on... You may also want to take a packet trace of the traffic to and from the users workstation in question - this does sound like a spyware app of some sort trying to do nasty things behind your back.  You may want to download the latest hijackthis and/or AVG Anti-Spyware and give that workstation a thorough scan in a safe mode while disconnected from the network.
0
 
mkurtzhalsAuthor Commented:
It is from any workstation....
0
 
vladhCommented:
any error messages in DC event logs (security) in regards to that users' login/logout events and general replication issues? I assume that all other users are fine?
0
 
mkurtzhalsAuthor Commented:
So I did some digging and found error on the dc.  Pre-authentication failed for that user error 675
Not sure why this keberos error is happening here and for no one else
0
 
mkurtzhalsAuthor Commented:
I turned off pre auth and iwll test and then just recreate the account.  Just wanted to make sure that this wouldnt grow to a larger issue.

Thanks vladh
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.