the system detected a possible attempt to compromise security

Posted on 2012-09-10
Last Modified: 2012-09-22
I have a user who is getting the above error when trying to access network shares via a mapped drive(s).

Prior to me seeing the issue she has changed her password. I have also reset her password again since from the small business server 2003 which runs the site.

I have noticed whilst logging in and out using her domain account that I get a message saying the account is locked out too. I have discovered that after initially managing to log in the account becomes "locked out" in AD. There is a tick in the relevant box in the users accounts tab in AD.

After the user logs in successfully I can go in and untick this account lock check box. The user then gets a different message when trying to access the share  -"unknown username or bad password".

This same user is able to login to a different PC and access the shares no problem. I have just upgraded the troublesome PC with XP SP3 since discovering this issue but that didnt help. Although during the installation of the service pack (I installed it under the users account) I noticed that I was able to access the shared drives OK.

Any suggestions?
Question by:roy_batty
    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    on the affected machine check the credential manager and edit the offending share
    net use * \\sharename /user:username /savecred

    it should prompt you for the password then you should be good
    LVL 60

    Expert Comment

    This forum has many mentioned why this message can come about , not really malicious but like firewall, DNS and kerberos options. E.g. "Use Kerberos DES Encryption types for this account"...not saying that it is false alarm, sometimes this slip the config at server side...

    back to the issue, suspecting cached credential. the MSDN spell possibility but I see this as something we can test on

    User logging on to multiple computers: A user may log onto multiple computers at one time. Programs that are running on those computers may access network resources with the user credentials of that user who is currently logged on. If the user changes their password on one of the computers, programs that are running on the other computers may continue to use the original password. Because those programs authenticate when they request access to network resources, the old password continues to be used and the users account becomes locked out. To ensure that this behavior does not occur, users should log off of all computers, change the password from a single location, and then log off and back on.

    Stored user names and passwords retain redundant credentials: If any of the saved credentials are the same as the logon credential, you should delete those credentials. The credentials are redundant because Windows tries the logon credentials when explicit credentials are not found. To delete logon credentials, use the Stored User Names and Passwords tool.
    LVL 87

    Expert Comment

    If you have waited so many years to upgrade to SP3 chances are high that it has been compromised by malware. Not using SP3 on XP Pc's is in my point of view absolutely careless, apart from that XP with SP3 is the ONLY 32 bit XP that is still supported by m$, and you only get security upgrades if it is installed.

    Scan the PC thoroughly for malware using malwarebytes. Also run all the Windows updates since SP3...
    LVL 1

    Accepted Solution

    I cleared the cached usernames and passwords for this user on the PC then rebooted and the issue went away. It appears to have been using the correct details whilst logging into the PC but then using these incorrect cached details when trying to connect the the shares.
    LVL 1

    Author Closing Comment

    See my last comment. None of the suggestions came close but thanks for the help anyway.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
    Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
    Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now