Re: Why are my workstations changing their passwords?

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hello David,

One question about the machines, are they cloned without sysprepping them?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Jorge, thanks for the response. What you say sounds reasonable
enough, but I'm seeing a burst of about 40 of the same messages for a
single workstation every 1-2 minutes. That's about 28,800 messages
per day for each workstation. All the same, all successful. They
usually have the same time stamp, although it can spread over 3-4
seconds. It seems a bit excessive to me... And while I do see these
messages occasionally for other computers, it's mostly just the group
I recently deployed. Users are able to work on these machines without
problems.

"Jorge de Almeida Pinto [MVP - DS]" wrote:

members of an AD domain initiate a password change right after they
have joined to the AD domain (if I remember that's within a day or
so) and every 30 days past the last password change

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services
#

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
---------------------------------------------------------------------
---------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test ANY suggestion in a test environment before
implementing!
---------------------------------------------------------------------
---------------------
#################################################
#################################################
---------------------------------------------------------------------
---------------------
"David LaMora" <DavidLaMora@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:788BAB97-6715-4F1B-9557-3864722ABB95@xxxxxxxxxxxxxxxx

I recently deployed half a dozen XP Pro workstations, in a native
Windows Server 2003 domain. I'm now seeing success audit messages
in the security log on all domain controllers for Event 565. The
accesses listed are:

READ_CONTROL
WritePreferences
ReadAccdount
SetPassword (without knowledge of old password)
These messages are showing up 30-40 times a second every 1-2
minutes, and mostly (but not always) for the newly deployed
workstations. I can't say that I've spent a lot of time analyzing
the security logs, but I haven't noticed this before. Can someone
shed a little light on this please?

Thanks in advance...



.

Relevant Pages