Solved

Getting locked out my domain account every 15 to 30 minutes

Posted on 2009-04-06
7
1,672 Views
Last Modified: 2013-11-30
since i changed my password i have been getting locked out of my domain account.  How can I quickly find out what server and what server is causing me to get locked out?
0
Comment
Question by:Steve Samson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24080062
Review the security event logs on the domain controller.  You should be able to see logon failures logged and it should show the offending machine.

It's probalby a server service that is using the old logon password.
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 24080080
Along the lines of xuserx2000's comments.....

As a general rule of thumb, it is better to have service accounts (local or domain) to run services and scheduled tasks.  If your account is consistently getting locked out every 30 minutes or hour, it could also be a scheduled task in addition to a Windows service.
0
 

Author Comment

by:Steve Samson
ID: 24080454
Senario:  I work for a large company as a DBA, Our network admin doesn't allow us to have the SQLservice account password, so when we do un upgrade or patch we have to use our login to gain access tempararaly to network resources, then we notify her of the service that needs the logon reassigned.  the problem is as stupid as i ws a did not write the server down that was updated upto 4 months ago. so now i am left with as much as a 15 minute window to research what server it was.  

All I know is at .25 cents a password change i will be reinvesting in our economy at a rate equal to the federal government!  :(
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 31

Expert Comment

by:Justin Owens
ID: 24080489
LOL!  Your system Admin should be able to audit your DC to determine the bad password's origination.  Once that is discovered, it should be a relatively simple thing to log into that server and change the security settings.  Still, it may cost more than $.25. :)
0
 

Author Comment

by:Steve Samson
ID: 24080554
DrUltima,  You would think so, but the admins don't like to share information with us, I know how to check it, (having been an admin in the past) its that I dont have admin access to look at the dc logs.  so its social engineer or hack, so lets just say that SE is not a solution when dealing with drones.


0
 
LVL 31

Accepted Solution

by:
Justin Owens earned 500 total points
ID: 24080795
Hrm...  I have been a SysAd for about 14 years.  If I told a user that I wouldn't audit my DC to get them the info they would needed, I REALLY hope my boss would write my butt up, because that is a primary function of a SysAd: support the users!  I cannot imagine a scenario where a SysAd shouldn't provide that info for you.  That said, you know your environment better than me.  I just cannot stand people like that.

I don't know what to tell you other than go through the trial and error process if you cannot get an AD audit or get your SysAd to change the Event Log's read properties to allow you to access them.  I don't really feel comfortable on submitting here how to hack AD security on a DC to get the info you need... ;-)

Sounds like you are in a Black Hole. :(
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24080814
agree with DrUltima.

You have a problem, and the sys admin's should be at least helpoing to get it fixed for you.  Especially since you do not have access to fix it yourself.
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Determining the an SCCM package name from the Package ID
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question