Re: Account Lockout Problems

From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 11/18/04


Date: Fri, 19 Nov 2004 09:16:29 +1100

Hi Randy

My preferred method for tracking down these issues is as follows:

1. Use lockoutstatus.exe to identify which DCs the bad attempts are being
sent to.

2. Enable auditing on these DCs to catch the bad attempts and identify the
clients from which the bad attempts are originating. (see the document you
made reference to). You might skip step 1 and just enable auditing on all
DCs if it's a small environment. The frequency of the bad attempts will
indicate whether this is process related or the users just making a mistake.
Many in the same second ... process.

3. Based on frequency, if it looks process related, use ALockout.dll on the
client machines identified by the audit logs. The resulting log should tell
you what's responsible. If it's user related, fix the user ;)

What does your lockout policy look like? Are you following the guidance in
the article you've pointed to?

Kind regards

-- 
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com
Please note you'll need to strip ".online" from my email address to email 
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.

"aubuchonz" <aubuchonz@discussions.microsoft.com> wrote in message 
news:1010CD72-4EE6-4828-8257-41BF679D6F09@microsoft.com...
>
> I am having some account lockout problems I can't seem to figure out. I
> have read the technet article
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx.
> I have installed ALockout.dll and have netlogon logging.  The logs don't
> make any sense to me.  The netlogon logs are nothing but mailslot entries.
> ALockout logs seem to list processes when the lockout occurs, but which ones
> are important?  I see MS Office entries and Lotus Notes entries.  The only
> thing these workstations have in common is they map to external domain
> drives with a password.  I did clear reoccurring drives.  Thanks. If this is
> not the right group for my question please point me in the right direction.
> Thanks in advance, I find this forum very helpful.
>
> -- 
> Randy AuBuchon MCSE 2000 CISSP 
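
The frequency check from step 2 of the reply above, as an added example that is not part of the original thread: it groups failed-logon audit entries by client and user and flags bursts within a single second as process related. The CSV layout, host and user names, and the threshold of 3 are assumptions made for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample: failed-logon audit entries already exported from the
# DCs' Security logs into CSV. Column layout and all values are assumptions.
SAMPLE_CSV = """timestamp,dc,client,user
2004-11-18 08:01:12,DC01,WKS-017,jsmith
2004-11-18 08:01:12,DC01,WKS-017,jsmith
2004-11-18 08:01:12,DC02,WKS-017,jsmith
2004-11-18 08:01:12,DC01,WKS-017,jsmith
2004-11-18 08:01:13,DC01,WKS-017,jsmith
2004-11-18 09:14:03,DC02,WKS-042,mjones
2004-11-18 09:14:21,DC02,WKS-042,mjones
2004-11-18 09:15:02,DC02,WKS-042,mjones
"""

BURST_THRESHOLD = 3  # assumed cut-off for "many in the same second"


def classify_bad_attempts(csv_text, burst_threshold=BURST_THRESHOLD):
    """Return {(client, user): summary} with a process/user verdict."""
    per_second = defaultdict(Counter)  # (client, user) -> {timestamp: count}
    dcs = defaultdict(set)             # (client, user) -> DCs that saw failures
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["client"].strip().upper(), row["user"].strip().lower())
        per_second[key][row["timestamp"].strip()] += 1
        dcs[key].add(row["dc"].strip().upper())

    report = {}
    for key, seconds in per_second.items():
        peak = max(seconds.values())
        report[key] = {
            "total": sum(seconds.values()),
            "peak_per_second": peak,
            "dcs": sorted(dcs[key]),
            # Several failures inside one second are faster than a person
            # can type; spaced-out failures look like a user mistake.
            "verdict": "process" if peak >= burst_threshold else "user",
        }
    return report


if __name__ == "__main__":
    for (client, user), info in sorted(classify_bad_attempts(SAMPLE_CSV).items()):
        print(f"{client:10} {user:10} total={info['total']} "
              f"peak/s={info['peak_per_second']} dcs={','.join(info['dcs'])} "
              f"-> {info['verdict']}")
```

Clients that come back with a "process" verdict are the ones to follow up on with ALockout.dll, as step 3 of the reply describes.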

