|
Home > Archive > microsoft.public.cert.exams.mcse > December 2002 > AD question.....
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| LaurieC 2002-12-31, 11:23 am |
| I posted this in the AD group also but have received no
responses yet so I'm hoping the experts in this group can
help me out.
I have a user who recently changed her AD password and now
her user account is getting locked out every 20 minutes or
so. I tried removing her workstation from the domain and
re-adding it (this worked for another user) but it is
still locking her out. She's my manager so I'm highly
motivated to figure this one out! 
Oh and this has only happened to a handful of people on
our network - myself included! Only LAN admins, as a
matter of fact. Thankfully not everyone has this problem.
Any ideas or thoughts are greatly appreciated! This group
has been able to resolve most of the questions I've asked
so I'm expecting great things! 
| |
| Rob Hammersmith 2002-12-31, 11:23 am |
| Have you ruled out the possibility that one of your non-LAN admin users logs
on with yours and other LAN admin accounts, and when those passwords change,
they hack the account until the account gets locked out?
--
Rob Hammersmith
MCSA, CCEA, MCNGP #15
The MCNGP Team - We're here to help
"LaurieC" <lacarnah@stpete.org> wrote in message
news:048401c2b0e8$bf07b5d0$cef
82ecf@TK2MSFTNGXA08...
> I posted this in the AD group also but have received no
> responses yet so I'm hoping the experts in this group can
> help me out.
>
> I have a user who recently changed her AD password and now
> her user account is getting locked out every 20 minutes or
> so. I tried removing her workstation from the domain and
> re-adding it (this worked for another user) but it is
> still locking her out. She's my manager so I'm highly
> motivated to figure this one out!
>
> Oh and this has only happened to a handful of people on
> our network - myself included! Only LAN admins, as a
> matter of fact. Thankfully not everyone has this problem.
>
> Any ideas or thoughts are greatly appreciated! This group
> has been able to resolve most of the questions I've asked
> so I'm expecting great things!
| |
| Consultant 2002-12-31, 11:23 am |
| or maybe a scheduled task is set up with that users id & old password?
"Rob Hammersmith" <rhammersmith@hotmail.com> wrote in message
news:uDUjynOsCHA.2596@TK2MSFTNGP12...
> Have you ruled out the possibility that one of your non-LAN admin users
logs
> on with yours and other LAN admin accounts, and when those passwords
change,
> they hack the account until the account gets locked out?
>
> --
> Rob Hammersmith
> MCSA, CCEA, MCNGP #15
> The MCNGP Team - We're here to help
>
>
> "LaurieC" <lacarnah@stpete.org> wrote in message
> news:048401c2b0e8$bf07b5d0$cef
82ecf@TK2MSFTNGXA08...
> > I posted this in the AD group also but have received no
> > responses yet so I'm hoping the experts in this group can
> > help me out.
> >
> > I have a user who recently changed her AD password and now
> > her user account is getting locked out every 20 minutes or
> > so. I tried removing her workstation from the domain and
> > re-adding it (this worked for another user) but it is
> > still locking her out. She's my manager so I'm highly
> > motivated to figure this one out!
> >
> > Oh and this has only happened to a handful of people on
> > our network - myself included! Only LAN admins, as a
> > matter of fact. Thankfully not everyone has this problem.
> >
> > Any ideas or thoughts are greatly appreciated! This group
> > has been able to resolve most of the questions I've asked
> > so I'm expecting great things!
>
>
| |
| Glenn D. Crosse 2002-12-31, 11:23 am |
| Why not put in auditing that will probably point you to the source of the
problem ??
Glenn
"LaurieC" <lacarnah@stpete.org> wrote in message
news:048401c2b0e8$bf07b5d0$cef
82ecf@TK2MSFTNGXA08...
> I posted this in the AD group also but have received no
> responses yet so I'm hoping the experts in this group can
> help me out.
>
> I have a user who recently changed her AD password and now
> her user account is getting locked out every 20 minutes or
> so. I tried removing her workstation from the domain and
> re-adding it (this worked for another user) but it is
> still locking her out. She's my manager so I'm highly
> motivated to figure this one out!
>
> Oh and this has only happened to a handful of people on
> our network - myself included! Only LAN admins, as a
> matter of fact. Thankfully not everyone has this problem.
>
> Any ideas or thoughts are greatly appreciated! This group
> has been able to resolve most of the questions I've asked
> so I'm expecting great things!
| |
| LaurieC 2002-12-31, 12:23 pm |
| Both good ideas. I really doubt anyone is hacking our ids
although it is possible and definitely the scheduled task
is possible. Thanks guys! I'll check into these.....
>-----Original Message-----
>or maybe a scheduled task is set up with that users id &
old password?
>
>
>"Rob Hammersmith" <rhammersmith@hotmail.com> wrote in
message
>news:uDUjynOsCHA.2596@TK2MSFTNGP12...
>> Have you ruled out the possibility that one of your non-
LAN admin users
>logs
>> on with yours and other LAN admin accounts, and when
those passwords
>change,
>> they hack the account until the account gets locked out?
>>
>> --
>> Rob Hammersmith
>> MCSA, CCEA, MCNGP #15
>> The MCNGP Team - We're here to help
>>
>>
>> "LaurieC" <lacarnah@stpete.org> wrote in message
>> news:048401c2b0e8$bf07b5d0$cef
82ecf@TK2MSFTNGXA08...
>> > I posted this in the AD group also but have received
no[co
lor=darkred]
>> > responses yet so I'm hoping the experts in this group[/color]
can[c
olor=darkred]
>> > help me out.
>> >
>> > I have a user who recently changed her AD password[/color]
and now[c
olor=darkred]
>> > her user account is getting locked out every 20[/color]
minutes or[co
lor=darkred]
>> > so. I tried removing her workstation from the domain[/color]
and[c
olor=darkred]
>> > re-adding it (this worked for another user) but it is
>> > still locking her out. She's my manager so I'm highly
>> > motivated to figure this one out!
>> >
>> > Oh and this has only happened to a handful of people[/color]
on[co
lor=darkred]
>> > our network - myself included! Only LAN admins, as a
>> > matter of fact. Thankfully not everyone has this[/color]
problem. [colo
r=darkred]
>> >
>> > Any ideas or thoughts are greatly appreciated! This[/color]
group
>> > has been able to resolve most of the questions I've
asked
>> > so I'm expecting great things!
>>
>>
>
>
>.
>
| |
| Beoweolf 2002-12-31, 1:23 pm |
| This illustrates an area people fail to utilize all the tools at their
disposal. Auditing and Event logs are your best friend for recurring
problems. Way to go Glenn! And I agree, I would suspect a brute force
password engine attack too. The logs will give you a record of what is
happening and proof if you should be able to trace it back to the "perp"...I
know, too many cop shows!
"Glenn D. Crosse" <glenncrosse@earthlink.net> wrote in message
news:ODRZC9OsCHA.436@TK2MSFTNGP12...
> Why not put in auditing that will probably point you to the source of the
> problem ??
> Glenn
> "LaurieC" <lacarnah@stpete.org> wrote in message
> news:048401c2b0e8$bf07b5d0$cef
82ecf@TK2MSFTNGXA08...
> > I posted this in the AD group also but have received no
> > responses yet so I'm hoping the experts in this group can
> > help me out.
> >
> > I have a user who recently changed her AD password and now
> > her user account is getting locked out every 20 minutes or
> > so. I tried removing her workstation from the domain and
> > re-adding it (this worked for another user) but it is
> > still locking her out. She's my manager so I'm highly
> > motivated to figure this one out!
> >
> > Oh and this has only happened to a handful of people on
> > our network - myself included! Only LAN admins, as a
> > matter of fact. Thankfully not everyone has this problem.
> >
> > Any ideas or thoughts are greatly appreciated! This group
> > has been able to resolve most of the questions I've asked
> > so I'm expecting great things!
>
>
| |
| Glenn D. Crosse 2002-12-31, 1:23 pm |
| Those logs are your best friend.
They get even more interesting when you use SQL 2000.
Glenn
"Beoweolf" <beoweolf@pacbell.net> wrote in message
news:zelQ9.3132$9t6.663768317@newssvr13.news.prodigy.com...
> This illustrates an area people fail to utilize all the tools at their
> disposal. Auditing and Event logs are your best friend for recurring
> problems. Way to go Glenn! And I agree, I would suspect a brute force
> password engine attack too. The logs will give you a record of what is
> happening and proof if you should be able to trace it back to the
"perp"...I
> know, too many cop shows!
> "Glenn D. Crosse" <glenncrosse@earthlink.net> wrote in message
> news:ODRZC9OsCHA.436@TK2MSFTNGP12...
> > Why not put in auditing that will probably point you to the source of
the
> > problem ??
> > Glenn
> > "LaurieC" <lacarnah@stpete.org> wrote in message
> > news:048401c2b0e8$bf07b5d0$cef
82ecf@TK2MSFTNGXA08...
> > > I posted this in the AD group also but have received no
> > > responses yet so I'm hoping the experts in this group can
> > > help me out.
> > >
> > > I have a user who recently changed her AD password and now
> > > her user account is getting locked out every 20 minutes or
> > > so. I tried removing her workstation from the domain and
> > > re-adding it (this worked for another user) but it is
> > > still locking her out. She's my manager so I'm highly
> > > motivated to figure this one out!
> > >
> > > Oh and this has only happened to a handful of people on
> > > our network - myself included! Only LAN admins, as a
> > > matter of fact. Thankfully not everyone has this problem.
> > >
> > > Any ideas or thoughts are greatly appreciated! This group
> > > has been able to resolve most of the questions I've asked
> > > so I'm expecting great things!
> >
> >
>
>
|
|
|
|
|