miércoles, 27 de junio de 2012 8:14
Why would a user on the network be prompted a number of times throughout the day for their credentials. The account also becomes locked out and needs unlocking.
Todas las respuestas
miércoles, 27 de junio de 2012 8:18
if the account is used in scripts, scheduled tasks etc. and the password is changed this may happen.
Also the Conficker Virus result in account lockouts http://support.microsoft.com/kb/962007/en-us
For account lockout use the troubleshooting tools
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
- Propuesto como respuesta Mohammed imtiyaz Ali miércoles, 27 de junio de 2012 8:25
jueves, 28 de junio de 2012 4:27Moderador
Since the account lockout issue could be caused by many factors, such as Programs, Service accounts, Low bad password threshold AD replication and Redundant credentials. At this time, in order to narrow down the cause of the account lockout issue. I suggest we try to enable Auditing policy, Netlogon Logging and Kerberos Logging to capture the information about the accounts that are being locked out.
Enable Auditing at the Domain Level
To view the Auditing policy settings, in the Group Policy MMC, double-click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy. Enable auditing for the event types listed in the previous section.
Enable Kerberos event logging on a computer
- Click Start, click Run, type regedit, and then press ENTER.
- Add the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters registry value to the registry key:
- Registry value: LogLevel
- Value type: REG_DWORD
- Value data: 0x1
If the Parameters registry key does not exist, create it.
- Close Registry Editor and restart the computer.
Regarding enabling Netlogon logging, we could refer to the article Meinolf provided.
For details about troubleshooting account lockout issue, please refer to the articles below.
Troubleshooting Account Lockout
Maintaining and Monitoring Account Lockout
domingo, 01 de julio de 2012 1:33
I have a user that locks them selves out about once every 3 days at my work. The way I found it was her was that I logged into the Domain Controller and checked the Event Viewer. Made a Custom XML filter to show only ones wither her username in and done it was all of the different types of events, not just security... This brought back a goood 150 from the past few days but I found there were a lot of invalid credential logs.Most having a 2-10 second break between which is enough to retype the password.
Also used "Services" and checked through some of the non-default ones to make sure there wasnt anything dodgy going on there.