Security Basics mailing list archives

RE: Account lockout

From: "Lubrano di Ciccone, Christophe (DEF)" <diciccone () ppg com>
Date: Tue, 14 Jan 2003 09:51:24 -0500

Relogged again will only make a refresh of the last know good configuration.
1 When you said "When he found out that the password was indeed right he changed it back to what it was initially" : Ar 
you sure that now the password configured in the services and in AD are the same.
If yes make a showreps on all DC to check the replication.
Otherwise : 
- it happens when a session is locked on a box.
- it happens also when the Account/password is used on another system (Unix etc) and used for ftp batch.

Hope this help you
christophe
ps used different account for admin tasks (the system and application), for the services etc.

-----Original Message-----
From: Alex Tarata [mailto:atarata () bigpond net au]
Sent: dimanche 12 janvier 2003 05:42
To: security-basics () securityfocus com
Subject: Account lockout


Hi all,

Im not sure if this is the right place to post this but anyway here it goes:
recently at our organization we have changed an admin password on the domain
controllers and we had to reboot all the servers involved and relog them
with the new password. All went good apart from some small things we have
managed to solve. The problem occured when some guy changed the password on
the DCs again thinking the password was wrong. When he found out that the
password was indeed right he changed it back to what it was initially. Now
we are experiencing problems with account lockouts very often. What I am
thinking is that the servers might need to be rebooted and relogged with the
password AGAIN. Is this true or should I look for another cause of the
lockout ?

Just to make more clear what we did when we changed the pass is: we changed
the pass on all the scripts using that account, checked all the services
using that account, checked all the web, SQL services that could be using
that account and also the scheduled tasks.

But obviosly there is something wrong as the account is still being locked
out. If you have any ideas please mail me as this is very important and I am
running out of ideeas.


Regards,
Alex
This email message is for the exclusive use of the recipient (s) and may contain confidential and privileged 
information. Any unauthorized review, use, disclosure, copying, action taken in reliance on the contents or 
distribution is strictly prohibited. If you received this email in error, contact the sender by reply email and destroy 
all copies of the original message.

Current thread:

Account lockout Alex Tarata (Jan 14)
- RE: Account lockout Brian Stoneburner (Postmaster) (Jan 15)
  - Re: Computer Forensics David Andersson (Jan 22)
    - Re: Computer Forensics Gene Yoo (Jan 23)
    - Re: Computer Forensics John Smit (Jan 24)
- <Possible follow-ups>
- RE: Account lockout Smith, Paul C. (Jan 14)
  - RE: Account lockout Benjamin Meade (Jan 15)
- RE: Account lockout Anthony, Shayla (Jan 15)
- RE: Account lockout Anthony, Shayla (Jan 15)
- RE: Account lockout Lachlan McGill (Jan 15)
- RE: Account lockout Lubrano di Ciccone, Christophe (DEF) (Jan 21)