Re: administrator account locked!!!!

From: "kj" <kj@xxxxxxxxxxx>
Date: Thu, 5 Oct 2006 16:08:38 -0700

Anyone know if pwdProperties still apply in SP1?

Value Password policy
0 Passwords can be simple, and the administrator account cannot be
locked out.
1 Passwords must be complex, and the administrator account cannot be
locked out.
8 Passwords can be simple, and the administrator account can be locked
out.
9 Passwords must be complex, and the administrator account can be
locked out.

--
/kj
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:er2nZfM6GHA.5100@xxxxxxxxxxxxxxxxxxxxxxx

An account locks when someone sends to many requests to logon to the
account that have invalid passwords.

This shouldn't be an issue as you shouldn't be USING the administrator
account in the first place. It should be set with an insanely long complex
password that is stuffed in an envelope and put in the safe of your CIO. I
ran an AD for very large org for over 5 years and not once did I need the
administrator password.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

Ammar wrote:

Dears i was surprised when i see the built in Administrator account in my
active directory locked !!!

How come it should be not locked
---------------------------------------------
User Account Unlocked:
Target Account Name: Administrator
Target Domain: Local
Target Account ID: local\administrator
Caller User Name: administrator
Caller Domain: local
Caller Logon ID: (0x0,0xACE65)

-----------------------------------------------

Please advise how come this happened ??????

Follow-Ups:
- Re: administrator account locked!!!!
  - From: Paul Williams [MVP]

References:
- Re: administrator account locked!!!!
  - From: Joe Richards [MVP]

Prev by Date: Re: Active directory users and computers - default domain control
Next by Date: Re: Active directory users and computers - default domain control
Previous by thread: Re: administrator account locked!!!!
Next by thread: Re: administrator account locked!!!!
Index(es):
- Date
- Thread

Relevant Pages

Re: Secure passwords?
... the same password for a local account as an domain account. ... does not have to obtain the administrator account itself. ... Consider using alt characters in passwords such as Ł ... attacker can get physical access to a domain controller, ...
(microsoft.public.win2000.security)
Re: Recovery from total hack
... full admin permissions and then disable Administrator Account. ... Well of course passwords should be strong :-) ... ...
(microsoft.public.win2000.security)
Re: RWW Security was compromised.
... we do apply an account lockout and logon failure audit policy by ... If your administrator account is still named "administrator," then your ... you're not using strong passwords, then your network could be easily ... not just RWW, but any authenticated web site hosted on your server ...
(microsoft.public.windows.server.sbs)
domain accounts are being locked out repeatedly
... A few hours ago I changed the passwords for one of the account back to its old password. ... Target Account ID: IR\username ... Caller Machine Name: IR-EXCH-SRV ...
(microsoft.public.win2000.security)
Re: Can not figure out why?
... Is the account logged into more than one machine or is it running a service ... We just rename the build-in administrator account and got tons of failure ... Logon Failure: ... Caller User Name: - ...
(microsoft.public.windows.server.active_directory)