RE: Locked out local admin accounts...

["Dinis Cruz" <dinis () ddplus net>]

That sounds like a GPO problem since there is one setting which disables the
local administrator account.

Do some RSoP analysis on the affected computers using the GPMC (you will
need a XP box to run it)

Dinis

> -----Original Message-----
> From: Ryan Murphy [mailto:RMurphy () irvinecompany com]
> Sent: 11 August 2004 22:22
> To: 'security-basics () securityfocus com'
> Subject: Locked out local admin accounts...
>
> In our environment today, local administrator accounts on workstations and
> servers have been getting locked out at an alarming rate. Nothing crazy is
> standing out on the IDS, and the security logs on the machines that are
> having the administrator account locked out aren't showing any login
> attempts. What could be going on here? We're a Win2000 environment, and
> domain accounts seem to be unaffected, it's only the local administrator
> accounts that are getting locked.
>
> This is very bizarre.
>
> Thanks for your help,
>
> Ryan Murphy
>
>
>
> =============================
> Notice to recipient:  This e-mail is meant for only the intended recipient
> of the transmission, and may be a confidential communication or a
> communication privileged by law.  If you received this e-mail in error,
> any
> review, use, dissemination, distribution, or copying of this e-mail is
> strictly prohibited.  Please notify us immediately of the error by return
> e-mail and please delete this message from your system.  Thank you in
> advance for your cooperation.
>
> --------------------------------------------------------------------------
> -
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or
> less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------------------
> --



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------