roy_batty
asked on
the system detected a possible attempt to compromise security
I have a user who is getting the above error when trying to access network shares via mapped drive(s).
Prior to me seeing the issue she had changed her password. I have also reset her password again since, from the Small Business Server 2003 which runs the site.
I have noticed whilst logging in and out using her domain account that I get a message saying the account is locked out too. I have discovered that after initially managing to log in, the account becomes "locked out" in AD. There is a tick in the relevant box in the user's Account tab in AD.
After the user logs in successfully I can go in and untick this account lock check box. The user then gets a different message when trying to access the share: "unknown username or bad password".
This same user is able to log in to a different PC and access the shares with no problem. I have just upgraded the troublesome PC with XP SP3 since discovering this issue, but that didn't help. Although during the installation of the service pack (I installed it under the user's account) I noticed that I was able to access the shared drives OK.
Any suggestions?
This forum thread mentions many reasons why this message can come about, not really malicious but things like firewall, DNS and Kerberos options, e.g. "Use Kerberos DES Encryption types for this account"... Not saying that it is a false alarm; sometimes this slips the config at the server side...
http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/f8e84fe8-f756-435c-b816-07e0ce73881d
Back to the issue, I am suspecting a cached credential. The MSDN article spells out the possibilities, but I see this as something we can test:
http://technet.microsoft.com/pt-br/library/cc773155(v=ws.10).aspx
User logging on to multiple computers: A user may log onto multiple computers at one time. Programs that are running on those computers may access network resources with the user credentials of that user who is currently logged on. If the user changes their password on one of the computers, programs that are running on the other computers may continue to use the original password. Because those programs authenticate when they request access to network resources, the old password continues to be used and the user's account becomes locked out. To ensure that this behavior does not occur, users should log off of all computers, change the password from a single location, and then log off and back on.
Stored user names and passwords retain redundant credentials: If any of the saved credentials are the same as the logon credential, you should delete those credentials. The credentials are redundant because Windows tries the logon credentials when explicit credentials are not found. To delete logon credentials, use the Stored User Names and Passwords tool.
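An added example, not part of the original thread: one way to confirm the stale-credential explanation quoted above is to check, on the domain controller, which machine sent the bad passwords just before each lockout. The CSV layout, user names, host names and addresses below are constructed for illustration; the event IDs are the standard Security log IDs for bad-password failures (675/680 on Server 2003, 4771/4776 on later versions) and account lockout (644 / 4740).

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: simplified CSV export of a domain controller Security log.
# Column layout, user names, host names and addresses are assumptions.
SAMPLE_LOG = """time,event_id,user,source,code
2010-03-01 09:00:05,675,jsmith,192.168.1.23,0x18
2010-03-01 09:00:07,675,jsmith,192.168.1.23,0x18
2010-03-01 09:00:09,675,bjones,192.168.1.40,0x18
2010-03-01 09:00:11,680,jsmith,PC-RECEPTION,0xC000006A
2010-03-01 09:00:12,644,jsmith,PC-RECEPTION,
2010-03-01 09:30:00,675,jsmith,192.168.1.77,0x18
"""

# Bad-password failures: Kerberos pre-auth failure (675 / 4771, code 0x18)
# and NTLM validation failure (680 / 4776, code 0xC000006A).
BAD_PASSWORD = {("675", "0x18"), ("4771", "0x18"),
                ("680", "0xc000006a"), ("4776", "0xc000006a")}
LOCKOUT = {"644", "4740"}  # account locked out (Server 2003 / 2008 and later)


def lockout_sources(log_text, user, window_minutes=30):
    """Count which hosts sent bad passwords for `user` shortly before each lockout."""
    rows = []
    for r in csv.DictReader(io.StringIO(log_text)):
        if r["user"].lower() == user.lower():
            r["when"] = datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S")
            rows.append(r)
    window = timedelta(minutes=window_minutes)
    sources = Counter()
    for lock in (r for r in rows if r["event_id"] in LOCKOUT):
        for r in rows:
            is_bad = (r["event_id"], r["code"].lower()) in BAD_PASSWORD
            # Only failures at or before the lockout, inside the window, count.
            if is_bad and timedelta(0) <= lock["when"] - r["when"] <= window:
                sources[r["source"]] += 1
    return sources


if __name__ == "__main__":
    for host, count in lockout_sources(SAMPLE_LOG, "jsmith").most_common():
        print(f"{host}: {count} bad-password attempts before lockout")
```

A single workstation dominating the count points at stored or cached credentials on that machine rather than at the account itself.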
If you have waited so many years to upgrade to SP3, chances are high that it has been compromised by malware. Not using SP3 on XP PCs is, in my point of view, absolutely careless; apart from that, XP with SP3 is the ONLY 32-bit XP that is still supported by m$, and you only get security upgrades if it is installed.
Scan the PC thoroughly for malware using Malwarebytes. Also run all the Windows updates since SP3...
http://www.malwarebytes.org/
ASKER
See my last comment. None of the suggestions came close but thanks for the help anyway.
or
net use * \\sharename /user:username /savecred
It should prompt you for the password, then you should be good.