Link to home
Create AccountLog in
Avatar of 4CHail
4CHail

asked on

Account Lock out

Ok, i am being locked out periodically through out the day. when my windows 7 64 bit laptop is connected to the netowork i get locked out. when it is not connected i do not get locked out. so im certain it is something on this box but i can not determine what the cause is. i have tried altools. the alstatus on the DC has bad password attempts.  i am unable to get the alinfo.exe to run on this 64 bit machine and unable to get alockout.dll to create the .log file. any suggestions would be greatly appreciated. i may have to reimage my machine. please help. thanks.  
Avatar of pkarrel
pkarrel

Start by
Your logging  from that account that is local. Verify The problem is dc caused. Next set up credential caching. If that fails leavethe domain to see if the problems is caused by being a member of a domain.
Sounds like the old salidy type virus, check the bad logon attemps on your DC (comp Management, event viewer, security) see if there are alot of bad attemps especially for your name, look at the WorkStation name, if its not your pull the machine and scan it.
Avatar of McKnife
There might be scheduled tasks running that saved your old password. Could be any form of saved credentials.
You added alockout.dll to system32, ran Appinit.reg, restarted, and then checked for WinDir%\debug\ALockout.txt right?

Also, a reimage would be overkill, re-creating the user profile will removed a cached credentials.
Avatar of 4CHail

ASKER

to: Lordy123,
Yes i did add it, ran the appinit and restarted. the alockout.txt didnt show up. im not sure why it didnt work. i thought maybe because this is 64 bit. i will try again.
Avatar of 4CHail

ASKER

i dont think it is a virus. i pulled the harddrive and scanned it with another box. i was trying to rule out the virus scenerio.
It works on 64 bit machines, did you wait for the account to lockout again after doing the above steps?
Avatar of 4CHail

ASKER

yes, the account get locked out pretty fast.
Gotcha, yeah I don't think alockout.dll works with Win7 try and look here:
Start, Run, type "control userpasswords2" (no quotes) enter.
Click Advanced tab.
Click "Manage Passwords"
Check cached accounts
Avatar of 4CHail

ASKER

ok, i removed the troubled box from the domain. while it was not a domain member but still connected to the domain i was still locked out. does that indicate anything?
Did you already try to clear any cached domain creds from control userpasswords2?
If so I would expect to see a scheduled task that is running using your creds.
Avatar of 4CHail

ASKER

i didnt see any cached domain creds. there are so many schedualed tasks in there im not sure how to determine which is causing the issue. are there some that windows requires?  can i delete them all?
When you open up task scheduler the only ones you are concerned about would be under "WPD" clicking on the task will show you "Security Options" and sho the task is runnign as. If you see the user right click the task hit properties, and hit change user/ group add the user back and save if you are logged in as the user it will update using your logged in creds.
ASKER CERTIFIED SOLUTION
Avatar of 4CHail
4CHail

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
> while it was not a domain member but still connected to the domain i was still locked out
What? So the account we are talking about is not a domain user but a local user? Why are you working with a local user in the first place? Even if you are offline you can work using your domain account.
> while it was not a domain member but still connected to the domain i was still locked out
What? So the account we are talking about is not a domain user but a local user? Why are you working with a local user in the first place? Even if you are offline you can work using your domain account.

He is saying that he took the PC out of the domain not the user. While the PC was out of the Domain but still physically attached to the same network it locked the account.
Yeah, it sucks that they don't have all the admin tools in place for win7 yet. I still tend to think it is a virus. ReImaging may be the only option but just for my own curiosity I would run malwarebytes http://www.malwarebytes.org , it it a bit more intensive than just an antivirus.
A reimage would be overkill, re-creating the user profile will removed any cached credentials.
Before re-imaging consider creating a new local user & log in locally to the laptop.
Avatar of 4CHail

ASKER

Thanks for all the suggestions. the reimage was the last option but i had to take it.
Avatar of 4CHail

ASKER

Had to take the reimage option. all other suggestions didnt work out. thanks to the experts for all the suggestions.