We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
COURSE of the MONTH
12 days, 6 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Local account on Windows 2003 getting locked
Posted on 2011-03-14
I have a windows 2003 server that runs a 3rd party application. This 3rd party application installs 2 local accounts on this server and sets a default password.
We recently had to change the password on these two local accounts.There are many appliances on the network that use these two accounts to interface with the 3rd party application.
Since the change, we are having problems with these two local accounts getting locked.
We have made password updates in several places but the passwords keep getting locked.
I see evidence of password failures in the security event log but how can I track down the devices that are still using the old password?
We recently had to change the password on these two local accounts.There are many appliances on the network that use these two accounts to interface with the 3rd party application.
Since the change, we are having problems with these two local accounts getting locked.
We have made password updates in several places but the passwords keep getting locked.
I see evidence of password failures in the security event log but how can I track down the devices that are still using the old password?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
- +1
5 Comments
Use lockoutstatus tool to find out which DC accoutn was locked on. From the DC that the user account was locked search the security logs which will tell you the host.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=D1A5ED1D-CD55-4829-A189-99515B0E90F7
http://support.microsoft.com/kb/824209
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=D1A5ED1D-CD55-4829-A189-99515B0E90F7
http://support.microsoft.com/kb/824209
There are no services that run on the server that use either of these 2 local accounts.
It appears that the lockoutstatus tool only works on AD accounts; when I try to query on a local computer account, where I point to the server (which is not a domain controller), the query fails to provides any information.
It appears that the lockoutstatus tool only works on AD accounts; when I try to query on a local computer account, where I point to the server (which is not a domain controller), the query fails to provides any information.
Hi,
check local account lockout policy, that affects the local system, [if this box is not on domain]
you can then disable the policy untill you find the root cause
generally the accounts get lockout if they throw bad passwords, so essentially you should be looking into the security logs and locate the events when bad password was used against those accounts and that caused them to lockout
check local account lockout policy, that affects the local system, [if this box is not on domain]
you can then disable the policy untill you find the root cause
generally the accounts get lockout if they throw bad passwords, so essentially you should be looking into the security logs and locate the events when bad password was used against those accounts and that caused them to lockout
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
A hard and fast method for reducing Active Directory Administrators members.
This Micro Tutorial hows how you can integrate Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease.
The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month12 days, 6 hours left to enroll
752 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.