Re: Why are my workstations changing their passwords?
- From: David LaMora <DavidLaMora@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 16 Feb 2009 13:54:02 -0800
I doubt anyone will see this, but just in case... The answer is a "new
improved" version of HP's Credential Manager. Uninstall it, and you'll stop
filling up the DC logs with useless Event 565 messages.
"David LaMora" wrote:
Most of the machines had stock HP os installs. I installed a couple from.
scratch, none were cloned. I've deployed about 50 machines to this network
using the same process, yet these latest ones seem to be the only ones with
this issue.
"Meinolf Weber [MVP-DS]" wrote:
Hello David,
One question about the machines, are they cloned without sysprepping them?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Jorge, thanks for the response. What you say sounds reasonable
enough, but I'm seeing a burst of about 40 of the same messages for a
single workstation every 1-2 minutes. That's about 28,800 messages
per day for each workstation. All the same, all successful. They
usually have the same time stamp, although it can spread over 3-4
seconds. It seems a bit excessive to me... And while I do see these
messages occasionally for other computers, it's mostly just the group
I recently deployed. Users are able to work on these machines without
problems.
"Jorge de Almeida Pinto [MVP - DS]" wrote:
members of an AD domain initiate a password change right after they
have joined to the AD domain (if I remember that's within a day or
so) and every 30 days past the last password change
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services
#
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
---------------------------------------------------------------------
---------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test ANY suggestion in a test environment before
implementing!
---------------------------------------------------------------------
---------------------
#################################################
#################################################
---------------------------------------------------------------------
---------------------
"David LaMora" <DavidLaMora@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:788BAB97-6715-4F1B-9557-3864722ABB95@xxxxxxxxxxxxxxxx
I recently deployed half a dozen XP Pro workstations, in a native
Windows Server 2003 domain. I'm now seeing success audit messages
in the security log on all domain controllers for Event 565. The
accesses listed are:
READ_CONTROL
WritePreferences
ReadAccdount
SetPassword (without knowledge of old password)
These messages are showing up 30-40 times a second every 1-2
minutes, and mostly (but not always) for the newly deployed
workstations. I can't say that I've spent a lot of time analyzing
the security logs, but I haven't noticed this before. Can someone
shed a little light on this please?
Thanks in advance...
- Prev by Date: Re: GPO for system failure and recovery options
- Next by Date: Re: GPO for system failure and recovery options
- Previous by thread: Trust relationship broken
- Next by thread: Migrating Fileservers through ADMt
- Index(es):
Relevant Pages
|
