Re: Account lockouts
From: Ole Kristian Bangås (ole_kristian_bangaas_at_hotmail.com)
Date: 01/16/05
- Next message: Mark Renoden [MSFT]: "Re: Account lockouts"
- Previous message: BFT: "Account lockouts"
- In reply to: BFT: "Account lockouts"
- Next in thread: Mark Renoden [MSFT]: "Re: Account lockouts"
- Reply: Mark Renoden [MSFT]: "Re: Account lockouts"
- Messages sorted by: [ date ] [ thread ]
Date: 16 Jan 2005 23:35:02 GMT
=?Utf-8?B?QkZU?= <BFT@discussions.microsoft.com> wrote in
news:AABB3C61-B400-4467-9AB4-435F5FA3C077@microsoft.com:
> I have a pretty big problem on my hands. I have account lockout
> occurring on my network. I fond a SAM error in my system log that I
> tracked down to an office over in Asia. I thought it might be a virus
> but was not. It seems to be some type of spy ware called
> securenet.exe anyway it looks like it uses the outlook address book
> and attempts to log on to active directory. Well I have my lockouts
> set and it locked accounts all week. I finally got the admin in that
> office to shut off those pc and reinstall them.
>
> Any way here is the real problem I had been unlocking accounts all
> week which equals thousands of unlocks. I printed my security log and
> the locks didn’t show up. Now all weekend I have been watching the
> security log and they seem to be appearing now.
>
> Has anyone ever had this problem and if so what can I do to stop the
> locks if the continue. I thought it might just be a backlog of active
> directory transactions. Any ideas im at a loss.
My first thought, since you apparently know the name of the executable,
is to greate a GPO denying that executable to run, and then start
cleaning up the system.
-- Ole Kristian Bangås
- Next message: Mark Renoden [MSFT]: "Re: Account lockouts"
- Previous message: BFT: "Account lockouts"
- In reply to: BFT: "Account lockouts"
- Next in thread: Mark Renoden [MSFT]: "Re: Account lockouts"
- Reply: Mark Renoden [MSFT]: "Re: Account lockouts"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
