We help IT Professionals succeed at work.

MBSA Password check lockout and clearing lockout  counts

I'm seeing some accounts giving account lockout events related to the MBSA scans.  According to the link on the report, the password check "attempts a password change request", and then goes on to say "account lockout policy counts will be reset on the scanned computer."

First - how does the change password attempt take place without actually changing the password?  If it does change the password for an account, how does it change it back to pre-attempt value?

Second - How do the lockout counts get reset?  That suggests there is a mechnism available to reset the lockout count - an attack vector if I've ever seen one.

Thanks for any input.
Comment
Watch Question

hirenvmajithiyaManager (System Administration)

Commented:
First of all check your nework for Conficker virus. It is the main reason for the problem you described.

Author

Commented:
Are you saying conficker is tripping the lockout or causing the MBSA to trip the lockout?
It's not conficker.  I get lockout notifications any time the scheduled MBSA reports are triggered.

Author

Commented:
Question was not answered.