?
Solved

Getting locked out my domain account every 15 to 30 minutes

Posted on 2009-04-06
7
Medium Priority
?
1,679 Views
Last Modified: 2013-11-30
since i changed my password i have been getting locked out of my domain account.  How can I quickly find out what server and what server is causing me to get locked out?
0
Comment
Question by:Steve Samson
  • 3
  • 2
  • 2
7 Comments
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24080062
Review the security event logs on the domain controller.  You should be able to see logon failures logged and it should show the offending machine.

It's probalby a server service that is using the old logon password.
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 24080080
Along the lines of xuserx2000's comments.....

As a general rule of thumb, it is better to have service accounts (local or domain) to run services and scheduled tasks.  If your account is consistently getting locked out every 30 minutes or hour, it could also be a scheduled task in addition to a Windows service.
0
 

Author Comment

by:Steve Samson
ID: 24080454
Senario:  I work for a large company as a DBA, Our network admin doesn't allow us to have the SQLservice account password, so when we do un upgrade or patch we have to use our login to gain access tempararaly to network resources, then we notify her of the service that needs the logon reassigned.  the problem is as stupid as i ws a did not write the server down that was updated upto 4 months ago. so now i am left with as much as a 15 minute window to research what server it was.  

All I know is at .25 cents a password change i will be reinvesting in our economy at a rate equal to the federal government!  :(
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 31

Expert Comment

by:Justin Owens
ID: 24080489
LOL!  Your system Admin should be able to audit your DC to determine the bad password's origination.  Once that is discovered, it should be a relatively simple thing to log into that server and change the security settings.  Still, it may cost more than $.25. :)
0
 

Author Comment

by:Steve Samson
ID: 24080554
DrUltima,  You would think so, but the admins don't like to share information with us, I know how to check it, (having been an admin in the past) its that I dont have admin access to look at the dc logs.  so its social engineer or hack, so lets just say that SE is not a solution when dealing with drones.


0
 
LVL 31

Accepted Solution

by:
Justin Owens earned 2000 total points
ID: 24080795
Hrm...  I have been a SysAd for about 14 years.  If I told a user that I wouldn't audit my DC to get them the info they would needed, I REALLY hope my boss would write my butt up, because that is a primary function of a SysAd: support the users!  I cannot imagine a scenario where a SysAd shouldn't provide that info for you.  That said, you know your environment better than me.  I just cannot stand people like that.

I don't know what to tell you other than go through the trial and error process if you cannot get an AD audit or get your SysAd to change the Event Log's read properties to allow you to access them.  I don't really feel comfortable on submitting here how to hack AD security on a DC to get the info you need... ;-)

Sounds like you are in a Black Hole. :(
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24080814
agree with DrUltima.

You have a problem, and the sys admin's should be at least helpoing to get it fixed for you.  Especially since you do not have access to fix it yourself.
0

Featured Post

Become a Leader in Data Analytics

Gain the power to turn raw data into better business decisions and outcomes in your industry. Transform your career future by earning your MS in Data Analytics. WGU’s MSDA program curriculum features IT certifications from Oracle and SAS.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question