the system detected a possible attempt to compromise security

I have a user who is getting the above error when trying to access network shares via a mapped drive(s).

Prior to me seeing the issue she has changed her password. I have also reset her password again since from the small business server 2003 which runs the site.

I have noticed whilst logging in and out using her domain account that I get a message saying the account is locked out too. I have discovered that after initially managing to log in the account becomes "locked out" in AD. There is a tick in the relevant box in the users accounts tab in AD.

After the user logs in successfully I can go in and untick this account lock check box. The user then gets a different message when trying to access the share  -"unknown username or bad password".

This same user is able to login to a different PC and access the shares no problem. I have just upgraded the troublesome PC with XP SP3 since discovering this issue but that didnt help. Although during the installation of the service pack (I installed it under the users account) I noticed that I was able to access the shared drives OK.

Any suggestions?
Who is Participating?
roy_battyDirectorAuthor Commented:
I cleared the cached usernames and passwords for this user on the PC then rebooted and the issue went away. It appears to have been using the correct details whilst logging into the PC but then using these incorrect cached details when trying to connect the the shares.
David Johnson, CD, MVPOwnerCommented:
on the affected machine check the credential manager and edit the offending share
net use * \\sharename /user:username /savecred

it should prompt you for the password then you should be good
btanExec ConsultantCommented:
This forum has many mentioned why this message can come about , not really malicious but like firewall, DNS and kerberos options. E.g. "Use Kerberos DES Encryption types for this account"...not saying that it is false alarm, sometimes this slip the config at server side...

back to the issue, suspecting cached credential. the MSDN spell possibility but I see this as something we can test on

User logging on to multiple computers: A user may log onto multiple computers at one time. Programs that are running on those computers may access network resources with the user credentials of that user who is currently logged on. If the user changes their password on one of the computers, programs that are running on the other computers may continue to use the original password. Because those programs authenticate when they request access to network resources, the old password continues to be used and the users account becomes locked out. To ensure that this behavior does not occur, users should log off of all computers, change the password from a single location, and then log off and back on.

Stored user names and passwords retain redundant credentials: If any of the saved credentials are the same as the logon credential, you should delete those credentials. The credentials are redundant because Windows tries the logon credentials when explicit credentials are not found. To delete logon credentials, use the Stored User Names and Passwords tool.
If you have waited so many years to upgrade to SP3 chances are high that it has been compromised by malware. Not using SP3 on XP Pc's is in my point of view absolutely careless, apart from that XP with SP3 is the ONLY 32 bit XP that is still supported by m$, and you only get security upgrades if it is installed.

Scan the PC thoroughly for malware using malwarebytes. Also run all the Windows updates since SP3...
roy_battyDirectorAuthor Commented:
See my last comment. None of the suggestions came close but thanks for the help anyway.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.