Re: preventing user account lockout in Active Directory

Thank you. Yes it is Synergy. I'm not too fond of it haha I wonder what
you're feelings about it are? I will try examining the logs.... *groan*

--
Thanks,

Keith Chilton
Data Services Technician
River Valley Financial Bank
812-273-4949 x1165

****River Valley Financial Bank, Internet Email Confidentiality Footer****
Privileged/Confidential Information may be contained in this message. If you
are not the addressee indicated in this message (or responsible for delivery
of the message to such person), you may not copy or deliver this message to
anyone. In such case, you should destroy this message, and notify us
immediately. If you or your employer does not consent to Internet email
messages of this kind, please advise us immediately. Opinions, conclusions
and other information expressed in this message are not given or endorsed by
my firm or employer unless otherwise indicated by an authorized
representative independent of this message. All Securities are offered
through Money Concepts Capital Corp., 7828 East 88th Street, Indianapolis,
Indiana 46256, 317-841-0370. Member NASD/SIPC. Not FDIC Insured, No Bank
Guarantees, May Lose Value.
"John R" <jsr^^^813@zoom^^^internet.net> wrote in message
news:OY0ibFTaIHA.4880@xxxxxxxxxxxxxxxxxxxxxxx

"keith chilton" <kchilton@xxxxxxxxxxx> wrote in message
news:ew6J53QaIHA.5784@xxxxxxxxxxxxxxxxxxxxxxx
This particular user is called "synserv"... It is used among 3
computers.. 2 are Windows Server 2003 and one is XP Pro... "synserv" has
it's password set so that it never expires. In AD I even put "synserv" in
it's own Organizational Unit so I could give it it's own GPO. The only
thing that is configured by the GPO is "Account lockout threshold" and
that is set to 0 (Which means it can not get locked out). Maybe these 2
servers are using services using this user name "synserv" with the
predefined password we gave it that never expires.. They probably are,
but we've never changed the password and never will probably. Any ideas
with this newfound information I've presented? I appreciate the help.. By
the way I just did an experiment with the GPO settings. I am trying

"Account lockout duration" = 1 minute
"Account lockout threshold" = 999 invalid login attempts
"Reset account lockout counter after" = 1 minute

Maybe this will make it hardly ever lockout.. Every 999 failures and then
it would unlock itself after 1 minute...

--
Thanks,

Keith Chilton

In a domain environment, the account lockout policy settings must be set
on the domain controller that is authenticating the account, and thus
locking out the account. They will have no effect on the user object.
Therefore, the settings will apply to any account that the DC
authenticates for. Microsoft says that these settings should only be set
in the default domain GPO, although I think you could get away with
setting it in a GPO that applies against the domain controllers OU.

Perhaps what you should do is reset the password for the account, and then
in the services control panel for the three machines that use the account.
You could also enable auditing for account logon events (failure) on your
domain controllers. This might give you an event log entry of which
workstation (or server) is locking it out. Of course, you would have to
examine the event logs on all of the domain controllers because you don't
know which DC is locking it out.

synserv wouldn't happen to be Synergy xf Server, would it?

John R



.

Relevant Pages

  • Re: Automatically user lockout - big problem
    ... PS: What is Netlogon logging? ... Check the security logs of the domain controllers to ... By default logging of account ... > Comb can be used to scan domain computers for that account lockout event. ...
    (microsoft.public.windows.server.security)
  • Re: Automatically user lockout - big problem
    ... Check the security logs of the domain controllers to ... By default logging of account ... Comb can be used to scan domain computers for that account lockout event. ...
    (microsoft.public.windows.server.security)
  • Re: preventing user account lockout in Active Directory
    ... Organizational Unit so I could give it it's own GPO. ... is configured by the GPO is "Account lockout threshold" and that is set to ... applies against the domain controllers OU. ...
    (microsoft.public.cert.exam.mcsa)
  • RE: 529 Logon Failures - 138 Events
    ... Enable complicated password policy is not same as using complicated ... Note: you can find the Default Domain Controllers policy here: ... Configure account lockout policy. ... The account lockout policy only effect on the user account, ...
    (microsoft.public.windows.server.sbs)
  • Re: How to /password policy on Windows 2003
    ... General Recommendations for Account Lockout and Password Policy ... settings in the previous tables, ...
    (Focus-Microsoft)
Loading