locked
Vista Ultimate x64 - Accounts lock when making changes to accounts RRS feed

  • Question

  • The Setup:

    OS: Vista x64 Ultimate

    Workgroup: Single computer involved

    Accounts: AdminMe, AdminMe2, test(standard), test2(standard), Me(standard)

    Major features used: User Accounts, Parental Controls, and other 'User Accounts' related features.

    Fast User Switching = Enabled

    Lockout policy: Lockout Threshold = 7 invalid attemps; Lockout Duration = 30 minutes (I changed this to 3 minutes for testing)

     

    The Situation:

    Lets assume I'm logged in as 'test'. When I am trying to access restricted portions of control panel for maintenance (such as, manage another account), UAC prompts for elevation. When I enter my admin password for 'AdminMe' it displays the list of accounts for me to manage. However if I look at the Security Event logs (can be provided upon request) it shows that my 'test' account first tried to access each of my accounts with Audit failure. It then shows successful UAC elevation, followed by (when going in to 'Manage another User account' but not 'Parental Controls') another string of failures. If I exit Users/Parental and go back in enough times within my designated time (such as when switching accounts to test changes or adjusting one account, leaving, deciding to make a few more changes and going back in, etc) it decides to lock some, or all accounts (don't know enough about security to determine how it picks which accounts to lock)

     

     Possibly Useful Info:

    When going into 'Manage another User account' it displays blanks instead of pictures for all the users.

    When going into 'Parental controls' it gives the same audit failures but displays the pictures for all the users.

    Some of the SubjectUser's llisted doing the accessing are my 'test' account, some are my 'AdminMe' account (I suspect this is the difference between going in through 'Parental Controls' and going in through 'Mange another User account' but have yet to test it yet)

    My 'test' account has failed on itself

    My 'AdminMe' account has failed on itself when elevating to it

    The accounts locking sometimes won't even include the account I am logged in as and sometimes will

     

    Testing:

    Due to suspicion of profile corruption, test2, and AdminMe2 were both brand new accounts. I tested in the following fashion:

     

    Logged in as test, elevated to AdminMe -- accounts locked

    Logged in as test, elevated to AdminMe2 -- accounts locked

    Logged in as test2, elevated to AdminMe -- accounts locked

    Logged in as test2, elevated to AdminMe2 -- accounts locked

    Logged in as AdminMe, Elevated to Self -- accounts locked

    Logged in as AdminMe2, Elevated to Self -- accounts locked

     

    Questions:

    I don't have a second Vista machine to test with but is this a *ahem* feature... of Vista?

    If so, is there a fix yet?

    If not, any ideas on what I did to get this to happen (besides turn on a Account lockout policy since I should be allowed to use this feature)?

     

     

    More information provided on request (please be specific, such as; if you want failed security log info, do you want me to copy/paste the general tab, the details tab, both? do you want one, all from a single attempt, every log from the start of the process until accounts lock?)

     

    Many thanks in advance,

    Jason

     

    Tuesday, October 14, 2008 3:11 AM