Security Basics mailing list archives
RE: Locked out local admin accounts...
From: "Dinis Cruz" <dinis () ddplus net>
Date: Fri, 13 Aug 2004 00:04:09 +0100
That sounds like a GPO problem since there is one setting which disables the local administrator account. Do some RSoP analysis on the affected computers using the GPMC (you will need a XP box to run it) Dinis
-----Original Message----- From: Ryan Murphy [mailto:RMurphy () irvinecompany com] Sent: 11 August 2004 22:22 To: 'security-basics () securityfocus com' Subject: Locked out local admin accounts... In our environment today, local administrator accounts on workstations and servers have been getting locked out at an alarming rate. Nothing crazy is standing out on the IDS, and the security logs on the machines that are having the administrator account locked out aren't showing any login attempts. What could be going on here? We're a Win2000 environment, and domain accounts seem to be unaffected, it's only the local administrator accounts that are getting locked. This is very bizarre. Thanks for your help, Ryan Murphy ============================= Notice to recipient: This e-mail is meant for only the intended recipient of the transmission, and may be a confidential communication or a communication privileged by law. If you received this e-mail in error, any review, use, dissemination, distribution, or copying of this e-mail is strictly prohibited. Please notify us immediately of the error by return e-mail and please delete this message from your system. Thank you in advance for your cooperation. -------------------------------------------------------------------------- - Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------- --
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Locked out local admin accounts... Ryan Murphy (Aug 12)
- Re: Locked out local admin accounts... Miles Stevenson (Aug 13)
- Re: Locked out local admin accounts... Paul Kurczaba (Aug 13)
- Re: Locked out local admin accounts... p4ck3t_5t0rM (Aug 13)
- RE: Locked out local admin accounts... Dinis Cruz (Aug 13)
- RE: Locked out local admin accounts... Ed Spencer (Aug 13)
- Re: Locked out local admin accounts... Kazumi Amano (Aug 13)
- <Possible follow-ups>
- RE: Locked out local admin accounts... Dinis Cruz (Aug 13)
- RE: Locked out local admin accounts... Michael Shirk (Aug 13)