joukiejouk
asked on
Domain user account always lock out the user upon initial login.
Please view this previous post.
https://www.experts-exchange.com/questions/28649270/Domain-user-always-locked-out-when-attempting-to-log-in-Need-help-to-trace-the-source.html
I've exhausted all troubleshooting steps, but this user continues to get locked out. I was wondering if deleting and recreating the account will resolve the issue. Or, will it just continue to lock out. What other troubleshooting method can i try?
https://www.experts-exchange.com/questions/28649270/Domain-user-always-locked-out-when-attempting-to-log-in-Need-help-to-trace-the-source.html
I've exhausted all troubleshooting steps, but this user continues to get locked out. I was wondering if deleting and recreating the account will resolve the issue. Or, will it just continue to lock out. What other troubleshooting method can i try?
Please verify those values on the user PC
HKLM\Software\Microsoft\Wi ndows NT\CurrentVersion\Winlogon
Shell = explorer.exe
Userinit=X:\windows\system 32\userini t.exe
NOTE: These files may also be deleted by spywares. You may need to extract them using Windows CD.
HKLM\Software\Microsoft\Wi
Shell = explorer.exe
Userinit=X:\windows\system
NOTE: These files may also be deleted by spywares. You may need to extract them using Windows CD.
Oh, deleting and recreating an account will not solve the problem since whatever is authenticating will continue to send the same username in the authentication attempt. Displaying this account in favor of a new username, would on the other hand address the issue.
ASKER
It can possibly be some persistent mapped drives. If this is the case, how can i check?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This is the quickest way to trace from the locking source (a DC) to the system that sends the failed auth request to the DC.
If you have TErminal servers, check those to see if this user has a session and terminate it if older than the password age. Then have the user check to make sure they did not save credentials for a resource in control keymgr.dll
If you trace it back to an exchange server, the user will need to check all their mobile devices current and former to make sure they did not leave the mail account on a device handed to ......