?
Solved

How do I stop users accounts getting locked out?

Posted on 2008-06-26
15
Medium Priority
?
1,899 Views
Last Modified: 2013-12-04
This is a tricky one, since the users are non-domain users, so work LOCALLY from their laptops and not logging into a domain as such. I have ,however, created them accounts in AD in order allow them access to our domain. Basically, they are guests who have their own domain, but obviously cant use or login once they enter our site, but they need to use our printers, access the network resources, etc. I normally get them to do this by Start>Run> type ip address of the domain controller

This then asks them to authenticate their username and password (which I have provided them with). But surprisingly on the first attempt it locks their AD account! I read somewhere its something to do with caching their password somewhere.

Please can someone help, its not affecting everyone, but its really annoying as I cant seem to nail down why its just affecting one user (esp since to my knowledge there are no local policies setup to do this).

thanks
0
Comment
Question by:k3t4n_uk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
15 Comments
 
LVL 6

Expert Comment

by:meugen
ID: 21873542
which is the time difference between clients laptops and the nearest DC?
0
 

Author Comment

by:k3t4n_uk
ID: 21873718
there is no time difference. they are sitting in the same building as the DC.
0
 
LVL 25

Expert Comment

by:slam69
ID: 21873758
My guess would be the password has expired by the time they need to use it again, but as they dont log into the domain they dont get the option to reset it. you could try setting the password to never expire or alternatively increase length of password age
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:k3t4n_uk
ID: 21874570
I dont want to increase the length of password age in Group policy, as this will prevent users from changing passwords the same day using Outlook Web Access. I had this issue a couple of days ago.

As a result, I havent enforced any Account Lockout policies, and have left them undefined.

Any other ideas?
0
 
LVL 25

Expert Comment

by:slam69
ID: 21874622
you could try stopping credentials being cached but cant see that helping the situation

check teh stored passwords section of users and computers in advanced hit manage passwords...anything showing in their?
0
 

Author Comment

by:k3t4n_uk
ID: 21875622
sorry not sure i follow. are you referring to Active directory?
0
 
LVL 25

Expert Comment

by:slam69
ID: 21877558
sorry no not ad if you go to teh control panel on the machine their is an applet in ther called users and computers have a look in there
0
 

Author Comment

by:k3t4n_uk
ID: 21883886
oh ok. I see. but unfortunately, nothing in there im afraid. One thing I did see however, is that there are various local security lockout and account password policies. Please can someone advise if this is the issue or not.
0
 
LVL 25

Expert Comment

by:slam69
ID: 21883917
you would expect there to be account password policies, however can you be more specific as to what you have being enforced
0
 

Author Comment

by:k3t4n_uk
ID: 21884266
Under Control Panel, Administrative Tools>Local Security Policy

Account Policies
-------------------------
enforce password history=24 passwords remembered
maximum password age=30 days
minimum password age=0 days
min password length=6 chars
password must meet complexity requirements=enabled
store pass usign reversible encryption=disabled

Account lockout policy
----------------------------

Account lockout duration=not applicable
Account lockout threshold=0 invalid logon attempts
Reset account lockout counter after=not applicable



Any ideas???


0
 
LVL 25

Accepted Solution

by:
slam69 earned 2000 total points
ID: 21884364
Yup increase the account lockout threshold to 3
0
 

Author Comment

by:k3t4n_uk
ID: 21884394
would this prevent them getting locked out?

they are using start>run

then entering the ip address of the DC. This usually works for them, and prompts for username and password. Lately, its just showing as 'you do not have access to this resource. please see administrator'. Basically words to that effect. If this local policy setting is causing it, shall i change it for all users?
0
 
LVL 25

Expert Comment

by:slam69
ID: 21884430
think its worth a try otherwise they get locke dout straight away Im not 100% this will work but its the next thing to try
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses
Course of the Month11 days, 14 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question