the system detected a possible attempt to compromise security

Posted on 2012-09-10
Medium Priority
Last Modified: 2012-09-22
I have a user who is getting the above error when trying to access network shares via a mapped drive(s).

Prior to me seeing the issue she has changed her password. I have also reset her password again since from the Small Business Server 2003 which runs the site.

I have noticed whilst logging in and out using her domain account that I get a message saying the account is locked out too. I have discovered that after initially managing to log in the account becomes "locked out" in AD. There is a tick in the relevant box in the user's account tab in AD.

After the user logs in successfully I can go in and untick this account lock check box. The user then gets a different message when trying to access the share - "unknown username or bad password".

This same user is able to log in to a different PC and access the shares no problem. I have just upgraded the troublesome PC with XP SP3 since discovering this issue but that didn't help. Although during the installation of the service pack (I installed it under the user's account) I noticed that I was able to access the shared drives OK.

Any suggestions?
Question by:roy_batty

Expert Comment

by:David Johnson, CD, MVP
ID: 38385148
On the affected machine, check the Credential Manager and edit the offending share:
net use * \\sharename /user:username /savecred

It should prompt you for the password, then you should be good.

Expert Comment

ID: 38385236
This forum has many posts mentioning why this message can come about, not really malicious but things like firewall, DNS and Kerberos options, e.g. "Use Kerberos DES Encryption types for this account"... not saying that it is a false alarm, sometimes this slips the config at server side...

Back to the issue: suspecting cached credentials. MSDN spells out the possibilities, but I see this as something we can test on.

User logging on to multiple computers: A user may log onto multiple computers at one time. Programs that are running on those computers may access network resources with the user credentials of that user who is currently logged on. If the user changes their password on one of the computers, programs that are running on the other computers may continue to use the original password. Because those programs authenticate when they request access to network resources, the old password continues to be used and the user's account becomes locked out. To ensure that this behavior does not occur, users should log off of all computers, change the password from a single location, and then log off and back on.

Stored user names and passwords retain redundant credentials: If any of the saved credentials are the same as the logon credential, you should delete those credentials. The credentials are redundant because Windows tries the logon credentials when explicit credentials are not found. To delete logon credentials, use the Stored User Names and Passwords tool.

Expert Comment

ID: 38385625
If you have waited so many years to upgrade to SP3, chances are high that it has been compromised by malware. Not using SP3 on XP PCs is in my point of view absolutely careless, apart from that XP with SP3 is the ONLY 32 bit XP that is still supported by m$, and you only get security upgrades if it is installed.

Scan the PC thoroughly for malware using Malwarebytes. Also run all the Windows updates since SP3...


Accepted Solution

roy_batty earned 0 total points
ID: 38404882
I cleared the cached usernames and passwords for this user on the PC then rebooted and the issue went away. It appears to have been using the correct details whilst logging into the PC but then using these incorrect cached details when trying to connect to the shares.
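
The redundant-credential check from the Microsoft guidance quoted earlier in the thread, which is also what the fix above cleared, as an added PowerShell example that is not part of the thread: it parses `cmdkey /list` output and flags saved entries whose user is the logon account. The sample text, the CONTOSO names and the Get-StoredCredential function are constructed for illustration, and a system where cmdkey.exe is available is assumed.

```powershell
# Added example, not from the thread. The sample text is constructed.
# On a live system use instead:  $lines = cmdkey /list
$sample = @'
Currently stored credentials:

    Target: Domain:target=SBS2003
    Type: Domain Password
    User: CONTOSO\jsmith

    Target: Domain:target=printsrv
    Type: Domain Password
    User: CONTOSO\svc_scan
'@
$lines = $sample -split '\r?\n'

# Hypothetical helper: turn the "Target/Type/User" blocks into objects.
function Get-StoredCredential {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            if ($current) { $current }   # emit the previous entry
            $current = [pscustomobject]@{ Target = $Matches[1]; Type = ''; User = '' }
        } elseif ($current -and $line -match '^\s*(Type|User):\s*(.+?)\s*$') {
            $name = $Matches[1]
            $current.$name = $Matches[2]
        }
    }
    if ($current) { $current }           # emit the last entry
}

# Assumed logon account for the constructed sample; on a live system use
# "$env:USERDOMAIN\$env:USERNAME".
$logon = 'CONTOSO\jsmith'

# A saved entry for the logon account itself is redundant, and after a
# password change it keeps presenting the old password to the server,
# which is what drives the lockout counter. -eq is case-insensitive.
Get-StoredCredential -Lines $lines |
    Where-Object { $_.User -eq $logon } |
    ForEach-Object {
        "Redundant saved credential: target '{0}' stored for {1}" -f $_.Target, $_.User
    }
```

Entries it reports can then be removed in the Stored User Names and Passwords tool, as the quoted guidance describes.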

Author Closing Comment

ID: 38424332
See my last comment. None of the suggestions came close but thanks for the help anyway.
