Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.
User login to a workstation locks a different user's AD account
Ok, here's a weird one. Just started happening yesterday (after updates were applied over the weekend?):
User A is assigned to workstation A (which is a Windows 10 workstation). When she leaves for lunch, User B logs onto her workstation to assist customers while User A is at lunch. When User A comes back from lunch and attempts to login to her workstation, she is getting notified that her account is locked out.
I check AD Users and Computers and find User B's account is locked but not User A. I advise User A to reboot the workstation and she can now login. I verified that she was logging in by entering her password for her own user ID - actually watched her enter her password under her User ID, but it is recording login attempts against User B's account.
This happened yesterday and again today. I have other workstations which users share, substituting for each other during lunch breaks but have not received any reports of this type from other users.
I've done a couple of preliminary Google searches but I'm not finding anything similar. My first thought is to delete User B's profile off the workstation since he's not the primary user on that workstation anyway. I'm hoping I don't have to also delete and rebuild User A's profile.
Anyone else seen anything like this and have any suggestions?
User A is assigned to workstation A (which is a Windows 10 workstation). When she leaves for lunch, User B logs onto her workstation to assist customers while User A is at lunch. When User A comes back from lunch and attempts to login to her workstation, she is getting notified that her account is locked out.
I check AD Users and Computers and find User B's account is locked but not User A. I advise User A to reboot the workstation and she can now login. I verified that she was logging in by entering her password for her own user ID - actually watched her enter her password under her User ID, but it is recording login attempts against User B's account.
This happened yesterday and again today. I have other workstations which users share, substituting for each other during lunch breaks but have not received any reports of this type from other users.
I've done a couple of preliminary Google searches but I'm not finding anything similar. My first thought is to delete User B's profile off the workstation since he's not the primary user on that workstation anyway. I'm hoping I don't have to also delete and rebuild User A's profile.
Anyone else seen anything like this and have any suggestions?
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Today User A reported that User B did log off of her computer but it didn't make any difference.
I haven't had User B try other computers yet. I might do that later on this afternoon.
I haven't had User B try other computers yet. I might do that later on this afternoon.
Clear the cached credentials. Let the user open network credential manager and look for credentials of the other user - those could be simply outdated and no longer valid.
Yes, User B logged onto User C's computer and it caused the same problem for User C - she had to reboot in order to login on her workstation.
Checked Credential Manager for both User A and User C - didn't see anything related to User B in there.
User B also logged onto workstation D and while he was still logged on, I did a "switch user" and logged on with my non-privileged ID - no problem.
Checked Credential Manager for both User A and User C - didn't see anything related to User B in there.
User B also logged onto workstation D and while he was still logged on, I did a "switch user" and logged on with my non-privileged ID - no problem.
Something appears to be wrong with B's Profile. Also did you try McKnife's suggestion? And, try deleteing B's Profile the workstations.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
I've deleted User B's profile off of User A's computer, had User B log back in and create a new profile, and then locked the workstation and had User A log back in again - so far, so good.
So odd that User B's profile would cause problems on the 2 computers at the same time. And makes me wonder if I still have a potential intrusion risk in place as a result of a breach we had late last year in which this user's account appeared to have been peripherally involved.
So odd that User B's profile would cause problems on the 2 computers at the same time. And makes me wonder if I still have a potential intrusion risk in place as a result of a breach we had late last year in which this user's account appeared to have been peripherally involved.
May be due to processes on the client computers, programs that may pass user credentials to a centralized network program. Mobile device / BYOD or Virus.
Refer for more: Active Directory -Troubleshooting Frequent Account Lockout:
https://social.technet.microsoft.com/wiki/contents/articles/23497.active-directory-troubleshooting-frequent-account-lockout.aspx
You can use Account Lockout Status (LockoutStatus.exe) from Microsoft which is a combination command-line and graphical tool that displays lockout information about a particular user account. Also, you can enable auditing on your default domain policy to track it. Else, try active directory auditing solution which lets you the root cause of account lockouts faster and easily.
Troubleshooting account lockout the PSS way:
https://blogs.technet.microsoft.com/instan/2009/09/01/troubleshooting-account-lockout-the-pss-way/
Refer for more: Active Directory -Troubleshooting Frequent Account Lockout:
https://social.technet.microsoft.com/wiki/contents/articles/23497.active-directory-troubleshooting-frequent-account-lockout.aspx
You can use Account Lockout Status (LockoutStatus.exe) from Microsoft which is a combination command-line and graphical tool that displays lockout information about a particular user account. Also, you can enable auditing on your default domain policy to track it. Else, try active directory auditing solution which lets you the root cause of account lockouts faster and easily.
Troubleshooting account lockout the PSS way:
https://blogs.technet.microsoft.com/instan/2009/09/01/troubleshooting-account-lockout-the-pss-way/
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: IC3 GS4 Internet Core Competency Global Standard 4… 135 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
If B uses C's computer, does the same thing happen?
In answer to your question, no, I do not see this, and yes, it appears to be profile issue.