Account lockouts

(OP)
I have noticed that throughout the last week there have been a lot of account lockouts on the network for users with little rights and administrators. I have a feeling that the accounts are being locked out because of some flaw and not a security breach. Is there anything that would cause this in a nationwide WAN? Time sync, maybe?

Any help is greatly appreciated.
John

RE: Account lockouts

Have seen this pattern when an audit or security department gets one of the scanning tools that has a guess pw option. Some of the scanning and/or security tools are very easy to use and misuse. Without realizing the implications of a brute force dictionary attack on an account domain, they go for and ... Such tools misused are powerful denial of service attack mechanisms.

This is why one should never disable the built-in administrator account or emasculate it. Rather, one should use passprop to protect this account from brute force attacks. See:

http://is-it-true.org/nt/atips/atips40.shtml
http://is-it-true.org/nt/atips/atips93.shtml

RE: Account lockouts

I am having the same problem with spurious lockouts. They are from Windows 95 machines and seem to happen while the user is logged on. The system stops them accessing the Home$ directory and the user needs to log on again after we have unlocked the account in the User Manager for Domains.

Any thoughts or ways to monitor the problem to see what is happening? Much appreciated.

RE: Account lockouts

I have experienced a similar problem which may be related, but possibly more a once off. If users change desks regularly and are using roaming profiles, then for some reason their local profile is written to the machine they are currently logged onto AND the machine they last logged onto. Use SMS to check which machines the username in question last logged onto. Delete all local profiles that are still being written to except for the current machine (check write date of ntuser.dat file on local machines).

RE: Account lockouts

Check how many times your user manager allows a user to enter an incorrect login or password before it locks out the account. Also, check the time the lockout is set to.

Joe Gallo
joe.gallo@gsiarch.com
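
One way to test the explanations raised in this thread against the policy values the reply above says to check, as an added example that is not part of any poster's reply: it replays failed-logon records against a lockout threshold and counter-reset time, then groups the locked accounts by source machine. The record layout, account names and machine names are constructed, and the counter model (reset when the gap since the last failure exceeds the reset time) is a simplifying assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed failed-logon records: (time, account, source machine).
FAILED_LOGONS = [
    ("2000-01-03 08:00:00", "mjones", "WS-020"),   # one failure an hour
    ("2000-01-03 09:00:00", "mjones", "WS-020"),
    ("2000-01-03 10:00:00", "mjones", "WS-020"),
    ("2000-01-03 09:00:00", "jsmith", "WS-014"),   # repeated retries from one desk
    ("2000-01-03 09:05:00", "jsmith", "WS-014"),
    ("2000-01-03 09:10:00", "jsmith", "WS-014"),
] + [
    # One machine failing against several accounts within seconds.
    (f"2000-01-03 11:00:{i:02d}", acct, "AUDIT-PC")
    for i, acct in enumerate(["alice", "bob", "carol"] * 3)
]

def locked_accounts(events, threshold, reset_minutes):
    """Return {account: [source machines]} for accounts that reach the threshold."""
    count, last, sources, locked = {}, {}, defaultdict(set), {}
    for ts, account, source in sorted(events):      # timestamp strings sort in time order
        t = datetime.strptime(ts, FMT)
        # Assumed model: the bad-password counter restarts after a quiet period.
        if account in last and t - last[account] > timedelta(minutes=reset_minutes):
            count[account] = 0
            sources[account].clear()
        count[account] = count.get(account, 0) + 1
        last[account] = t
        sources[account].add(source)
        if count[account] >= threshold and account not in locked:
            locked[account] = sorted(sources[account])
    return locked

def classify_sources(locked, many=3):
    """Label each source by how many distinct accounts it helped lock out."""
    per_source = defaultdict(set)
    for account, srcs in locked.items():
        for src in srcs:
            per_source[src].add(account)
    # many-accounts: consistent with a password-guessing tool or scan.
    # few-accounts: consistent with a stale session or saved credential.
    return {s: "many-accounts" if len(a) >= many else "few-accounts"
            for s, a in per_source.items()}

if __name__ == "__main__":
    result = locked_accounts(FAILED_LOGONS, threshold=3, reset_minutes=30)
    print(result)
    print(classify_sources(result))
```

Raising `reset_minutes` above the hourly gap makes `mjones` lock out as well, which shows how the policy values alone can turn occasional typos into lockouts.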
