User login to a workstation locks a different user's AD account

Ok, here's a weird one. Just started happening yesterday (after updates were applied over the weekend?):

User A is assigned to workstation A (which is a Windows 10 workstation). When she leaves for lunch, User B logs onto her workstation to assist customers while User A is at lunch. When User A comes back from lunch and attempts to login to her workstation, she is getting notified that her account is locked out.

I check AD Users and Computers and find User B's account is locked but not User A. I advise User A to reboot the workstation and she can now login. I verified that she was logging in by entering her password for her own user ID - actually watched her enter her password under her User ID, but it is recording login attempts against User B's account.

This happened yesterday and again today. I have other workstations which users share, substituting for each other during lunch breaks but have not received any reports of this type from other users.

I've done a couple of preliminary Google searches but I'm not finding anything similar. My first thought is to delete User B's profile off the workstation since he's not the primary user on that workstation anyway. I'm hoping I don't have to also delete and rebuild User A's profile.

Anyone else seen anything like this and have any suggestions?
Rochelle Adsitt (IT Director) Asked:
 
John (Business Consultant, Owner) Commented:
Something appears to be wrong with B's Profile. Also did you try McKnife's suggestion? And, try deleting B's Profile from the workstations.
0
 
John (Business Consultant, Owner) Commented:
Does B log out properly when B is finished?  

If B uses C's computer, does the same thing happen?

In answer to your question, no, I do not see this, and yes, it appears to be a profile issue.
0
 
Rochelle Adsitt (IT Director, Author) Commented:
Today User A reported that User B did log off of her computer but it didn't make any difference.

I haven't had User B try other computers yet. I might do that later on this afternoon.
0
 
McKnife Commented:
Clear the cached credentials. Let the user open network credential manager and look for credentials of the other user - those could be simply outdated and no longer valid.
0
 
Rochelle Adsitt (IT Director, Author) Commented:
Yes, User B logged onto User C's computer and it caused the same problem for User C - she had to reboot in order to login on her workstation.

Checked Credential Manager for both User A and User C - didn't see anything related to User B in there.

User B also logged onto workstation D and while he was still logged on, I did a "switch user" and logged on with my non-privileged ID - no problem.
0
 
Rochelle Adsitt (IT Director, Author) Commented:
I've deleted User B's profile off of User A's computer, had User B log back in and create a new profile, and then locked the workstation and had User A log back in again - so far, so good.

So odd that User B's profile would cause problems on the 2 computers at the same time. And makes me wonder if I still have a potential intrusion risk in place as a result of a breach we had late last year in which this user's account appeared to have been peripherally involved.
0
 
John (Business Consultant, Owner) Commented:
B may have had a virus going to dodgy places. But you now know what the issue was.
0
 
Naveen Sharma Commented:
May be due to processes on the client computers, programs that may pass user credentials to a centralized network program. Mobile device / BYOD or Virus.

Refer for more: Active Directory - Troubleshooting Frequent Account Lockout:
https://social.technet.microsoft.com/wiki/contents/articles/23497.active-directory-troubleshooting-frequent-account-lockout.aspx

You can use Account Lockout Status (LockoutStatus.exe) from Microsoft, which is a combination command-line and graphical tool that displays lockout information about a particular user account. Also, you can enable auditing on your default domain policy to track it. Else, try an Active Directory auditing solution which lets you find the root cause of account lockouts faster and more easily.

Troubleshooting account lockout the PSS way:
https://blogs.technet.microsoft.com/instan/2009/09/01/troubleshooting-account-lockout-the-pss-way/
0
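
Tracking a lockout through auditing, as suggested in the answer above, comes down to reading Security event 4740 on the domain controller and seeing which computer the failed logons came from. The following is an added example, not code from this thread: Get-LockoutSource is a hypothetical helper name, and the host names, account name and timestamps in the sample are constructed.

```powershell
# Added example. Parses Security event 4740 ("A user account was locked out").
# In 4740, TargetUserName is the locked account and TargetDomainName holds the
# name of the computer the failed logons came from.
function Get-LockoutSource {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        if ($evt.System['EventID'].InnerText -ne '4740') { return }  # skip other events
        $data = @{}
        foreach ($d in $evt.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            TimeCreated    = $evt.System.TimeCreated.GetAttribute('SystemTime')
            LockedAccount  = $data['TargetUserName']
            CallerComputer = $data['TargetDomainName']
            ReportedBy     = $evt.System.Computer
        }
    }
}

# Constructed sample events (not real log data), trimmed to the fields used above.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$template = @'
<Event xmlns="{0}"><System><EventID>4740</EventID>
<TimeCreated SystemTime="{1}"/><Computer>DC01.example.test</Computer></System>
<EventData><Data Name="TargetUserName">{2}</Data>
<Data Name="TargetDomainName">{3}</Data></EventData></Event>
'@
$sample = @(
    $template -f $ns, '2019-01-01T12:05:10Z', 'userb', 'WKS-A'
    $template -f $ns, '2019-01-01T12:06:02Z', 'userb', 'WKS-A'
    $template -f $ns, '2019-01-02T12:04:47Z', 'userb', 'WKS-C'
)

# Which computer is locking which account, and how often.
$sample | Get-LockoutSource |
    Group-Object LockedAccount, CallerComputer |
    Select-Object Count, Name

# Live use (needs the ActiveDirectory module and read access to the PDC
# emulator's Security log, with account lockout auditing enabled):
# $pdc = (Get-ADDomain).PDCEmulator
# Get-WinEvent -ComputerName $pdc -FilterHashtable @{LogName='Security'; Id=4740} |
#     ForEach-Object { $_.ToXml() } | Get-LockoutSource
```

Once the caller computer is known, the failed-logon events (4625) in that workstation's own Security log show the logon type and process that presented the stale credentials.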
Question has a verified solution.