Rochelle Adsitt

User login to a workstation locks a different user's AD account

Ok, here's a weird one. Just started happening yesterday (after updates were applied over the weekend?):

User A is assigned to workstation A (which is a Windows 10 workstation). When she leaves for lunch, User B logs onto her workstation to assist customers while User A is at lunch. When User A comes back from lunch and attempts to log in to her workstation, she is getting notified that her account is locked out.

I check AD Users and Computers and find User B's account is locked but not User A. I advise User A to reboot the workstation and she can now log in. I verified that she was logging in by entering her password for her own user ID - actually watched her enter her password under her User ID, but it is recording login attempts against User B's account.

This happened yesterday and again today. I have other workstations which users share, substituting for each other during lunch breaks but have not received any reports of this type from other users.

I've done a couple of preliminary Google searches but I'm not finding anything similar. My first thought is to delete User B's profile off the workstation since he's not the primary user on that workstation anyway. I'm hoping I don't have to also delete and rebuild User A's profile.

Anyone else seen anything like this and have any suggestions?
John

Does B log out properly when B is finished?  

If B uses C's computer, does the same thing happen?

In answer to your question, no, I do not see this, and yes, it appears to be a profile issue.
Rochelle Adsitt

ASKER

Today User A reported that User B did log off of her computer but it didn't make any difference.

I haven't had User B try other computers yet. I might do that later on this afternoon.
McKnife
Clear the cached credentials. Let the user open network credential manager and look for credentials of the other user - those could be simply outdated and no longer valid.
Yes, User B logged onto User C's computer and it caused the same problem for User C - she had to reboot in order to log in on her workstation.

Checked Credential Manager for both User A and User C - didn't see anything related to User B in there.

User B also logged onto workstation D and while he was still logged on, I did a "switch user" and logged on with my non-privileged ID - no problem.
ASKER CERTIFIED SOLUTION
John
This solution is only available to members.
I've deleted User B's profile off of User A's computer, had User B log back in and create a new profile, and then locked the workstation and had User A log back in again - so far, so good.

So odd that User B's profile would cause problems on the 2 computers at the same time. And makes me wonder if I still have a potential intrusion risk in place as a result of a breach we had late last year in which this user's account appeared to have been peripherally involved.
B may have had a virus going to dodgy places. But you now know what the issue was.
May be due to processes on the client computers, programs that may pass user credentials to a centralized network program. Mobile device / BYOD or Virus.

Refer for more: Active Directory - Troubleshooting Frequent Account Lockout:
https://social.technet.microsoft.com/wiki/contents/articles/23497.active-directory-troubleshooting-frequent-account-lockout.aspx

You can use Account Lockout Status (LockoutStatus.exe) from Microsoft, which is a combination command-line and graphical tool that displays lockout information about a particular user account. Also, you can enable auditing on your default domain policy to track it. Else, try an Active Directory auditing solution, which lets you find the root cause of account lockouts faster and more easily.

Troubleshooting account lockout the PSS way:
https://blogs.technet.microsoft.com/instan/2009/09/01/troubleshooting-account-lockout-the-pss-way/
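
The auditing approach suggested in the last answer, as an added example (not code from this thread or from Microsoft): it reads lockout event 4740 from the PDC emulator to find which computer sent the bad passwords for a locked account, then reads failed-logon event 4625 on that computer to see the logon type and submitting process. The function names, `userb`, and `WORKSTATION-A` are assumptions made for illustration, and the embedded event is a constructed sample.

```powershell
# Added example. Assumes the ActiveDirectory module and that account-management
# and logon auditing are enabled. Account and host names are placeholders.
function ConvertFrom-SecurityEvent {
    # Flatten one Security event (XML text) into an object with a property per <Data Name="...">.
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $evt = ([xml]$Xml).Event
        $row = [ordered]@{
            EventId = [int]$evt.System['EventID'].InnerText
            TimeUtc = $evt.System['TimeCreated'].GetAttribute('SystemTime')
        }
        foreach ($d in $evt.EventData.Data) { $row[$d.GetAttribute('Name')] = $d.InnerText }
        [pscustomobject]$row
    }
}

function Get-LockoutSource {
    # Event 4740 is logged on the PDC emulator; its TargetDomainName field
    # holds the caller computer name, not the domain.
    param([Parameter(Mandatory)][string]$SamAccountName, [int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -ComputerName (Get-ADDomain).PDCEmulator -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { $_.ToXml() } | ConvertFrom-SecurityEvent |
        Where-Object TargetUserName -eq $SamAccountName |
        Select-Object TimeUtc, TargetUserName, @{ n = 'CallerComputer'; e = { $_.TargetDomainName } }
}

function Get-FailedLogonDetail {
    # Event 4625 on the calling workstation shows the logon type and the process
    # that submitted the bad credentials.
    param([Parameter(Mandatory)][string]$ComputerName,
          [Parameter(Mandatory)][string]$SamAccountName, [int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { $_.ToXml() } | ConvertFrom-SecurityEvent |
        Where-Object TargetUserName -eq $SamAccountName |
        Select-Object TimeUtc, TargetUserName, LogonType, ProcessName, IpAddress, SubStatus
}

# Constructed sample of a 4740 event, so the parser can be tried without a domain.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4740</EventID><TimeCreated SystemTime="2024-01-01T12:05:00Z"/></System>
  <EventData>
    <Data Name="TargetUserName">userb</Data>
    <Data Name="TargetDomainName">WORKSTATION-A</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-SecurityEvent | Select-Object TimeUtc, TargetUserName, TargetDomainName
# Live use: Get-LockoutSource -SamAccountName 'userb'
#           Get-FailedLogonDetail -ComputerName 'WORKSTATION-A' -SamAccountName 'userb'
```

Reading the Security log needs an account with rights to it on the target machine, and remote reads need the Remote Event Log Management firewall rules enabled on that machine.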