Solved

Local account on Windows 2003 getting locked

Posted on 2011-03-14
5
333 Views
Last Modified: 2012-06-27
I have a windows 2003 server that runs a 3rd party application. This 3rd party application installs 2 local accounts on this server and sets a default password.

We recently had to change the password on these two local accounts.There are many appliances on the network that use these two accounts to interface with the 3rd party application.

Since the change, we are having problems with these two local accounts getting locked.
We have made password updates in several places but the passwords keep getting locked.

I see evidence of password failures in the security event log but how can I track down the devices that are still using the old password?
0
Comment
Question by:itplatoon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35132579
Are any services relating to the SW using those accounts to authenticate?
0
 
LVL 1

Expert Comment

by:Emanhan
ID: 35132596
Use lockoutstatus tool to find out which DC accoutn was locked on. From the DC that the user account was locked search the security logs which will tell you the host.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=D1A5ED1D-CD55-4829-A189-99515B0E90F7
http://support.microsoft.com/kb/824209
0
 

Author Comment

by:itplatoon
ID: 35133511
There are no services that run on the server that use either of these 2 local accounts.

It appears that the lockoutstatus tool only works on AD accounts; when I try to query on a local computer account, where I point to the server (which is not a domain controller), the query fails to provides any information.
0
 
LVL 12

Accepted Solution

by:
Navdeep earned 500 total points
ID: 35136325
Hi,

check local account lockout policy, that affects the local system, [if this box is not on domain]
you can then disable the policy untill you find the root cause

generally the accounts get lockout if they throw bad passwords, so essentially you should be looking into the security logs and locate the events when bad password was used against those accounts and that caused them to lockout
0
 

Author Comment

by:itplatoon
ID: 35175890
I was able to resolve the issue by using the security event log and the system event log. I also checked the local account policy and it was set to 10 bad passwords and then it would lock out.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

697 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question