account lock out problem

Discussion in 'Security Software' started by Sameh Ahmed, Dec 7, 2003.

  1. Sameh Ahmed

    Sameh Ahmed Guest

    Hello there
    we have an account lock out policy in our domain, sometimes users are locked
    and auditing shows that they have failed authentication from a client that
    happens to be a domain controller and has no softwares configured to
    authenticates on behalf of users whatsoever.
    this really confuses me and causes many problems as this happens
    continuously even when I unlock the user it locks in a few minutes.
    any ideas?
    Regards
    Sameh
     
    Sameh Ahmed, Dec 7, 2003
    #1
    1. Advertisements

  2. Hi Sameh,

    If you can provide more information someone may be able to help. It sounds
    like you do have an account lockout policy enabled on your domain controller
    and if so that would cause the lockout if the user entered the incorrect
    password more often than the policy allows. The account lockout would show
    up in the domain controller security log because the domain controller
    authenticates user access to domain resources.

    Is the domain controller NT 4.0 or Acitve Directory on Windows 2000 or
    Server 2003?

    What OS is the client computer running? Windows 95, 98, ME, NT Workstation
    4.0, 2000 Professional, XP Home, XP Professional?

    Do you users map drives with another account?

    Is the user using Windows 9x and bypassing domain login then trying to
    access mapped drives with a domain account?

    Thanks,
    Rick
     
    Rick Partridge, Dec 9, 2003
    #2
    1. Advertisements

  3. Sameh Ahmed

    Sameh Ahmed Guest

    Hello Rick
    well, it's W2K Advanced server.
    Clients are XP PRO.
    I have enabled auditing and that's what showed me that the account is not
    being locked for the client's machine but actually from one of the domain
    controllers.
    as if someone is trying to logon from the console which is not applicable
    due to the physical security and the fact that none of the domain admins
    tried to logon with user's account from the domain controller.
    Norton antivirus is updated.
    domain controller is scanned for security risks.
    no outer world communication.
    no IIS enabled.
    and of course no mapped network drives on the DC.
    Thanks for replying.
    Sameh
     
    Sameh Ahmed, Dec 9, 2003
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.