Solved

Guest Account Lockout

Posted on 2013-06-13
2
774 Views
Last Modified: 2013-06-17
I've been noticing that my guest account on my domain controller is randomly getting locked out.  The odd thing is, this account is disabled, how would a account get locked out if its disabled already?  I normally would never notice these events, but my monitoring software emails on account lockouts.  I'm just trying to get to the bottom of the cause and too see if I should just igonore them.  It happens randomly from different workstations.  I also have a gpo setup to disable the local guest account at logon on each workstation.  Anyone else run into this issue?
0
Comment
Question by:PSGITech
2 Comments
 
LVL 26

Accepted Solution

by:
pony10us earned 500 total points
Comment Utility
"The odd thing is, this account is disabled, how would a account get locked out if its disabled already?"

Disable and lock out are two separate functions.  Even though the account is disabled it still will look at attempts to sign in and if it matchs the number of failures set to lockout then it will lock out the account.

It is recommended that you change the name of the guest account as well as disable it. It may be that one or more individuals (" It happens randomly from different workstations") may be attempting to access the system.

As long as the account is disabled it is not a big threat however it is always best to know what/who is attempting to access your system.  I would look at the workstations that are the cause and see if anything shows up in their event viewer that may indicate what they are attempting to do.
0
 

Expert Comment

by:daisythecat
Comment Utility
If workstations arent configured properly, or if they use a home version of windows rather than pro or enterprise they can try to access the guest account when attempting to access a domain or workgroup
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now