Security Basics mailing list archives
Re: Locked out local admin accounts...
From: Kazumi Amano <kazumi.amano () cba ufl edu>
Date: Fri, 13 Aug 2004 08:21:09 -0400
We are having a similar issue here. An admin account gets locked out constantly. Logs surrounding the lockout for the account are all successful. We have an active directory with Win2k3 servers and XP for workstations. The single account having this problem happens to be placed in the local administrators group by a group policy. At first I assumed there was some script running that had a wrong password in it. Thing is there are no failed log-ons for the account around the time of the lockout. So a wrong password does not seem to be the case. Anyone know if there is a way an account could get locked out other than numerous failed log-ons? Anyone else having a similar problem or have any ideas as to what could cause this? ___________________________________________ Kazumi Amano Internet Systems Administrator Dudziak-McClintock Business Technology Center Warrington College of Business University of Florida 100B STZ PO Box 117158 1 (352) 392-0166 x302 amano () cba ufl edu __________________________________________ Ryan Murphy <RMurphy () irvinecompany com> 08/11/2004 06:21 PM To "'security-basics () securityfocus com'" <security-basics () securityfocus com> cc Subject Locked out local admin accounts... In our environment today, local administrator accounts on workstations and servers have been getting locked out at an alarming rate. Nothing crazy is standing out on the IDS, and the security logs on the machines that are having the administrator account locked out aren't showing any login attempts. What could be going on here? We're a Win2000 environment, and domain accounts seem to be unaffected, it's only the local administrator accounts that are getting locked. This is very bizarre. Thanks for your help, Ryan Murphy ============================= Notice to recipient: This e-mail is meant for only the intended recipient of the transmission, and may be a confidential communication or a communication privileged by law. If you received this e-mail in error, any review, use, dissemination, distribution, or copying of this e-mail is strictly prohibited. Please notify us immediately of the error by return e-mail and please delete this message from your system. Thank you in advance for your cooperation. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Locked out local admin accounts... Ryan Murphy (Aug 12)
- Re: Locked out local admin accounts... Miles Stevenson (Aug 13)
- Re: Locked out local admin accounts... Paul Kurczaba (Aug 13)
- Re: Locked out local admin accounts... p4ck3t_5t0rM (Aug 13)
- RE: Locked out local admin accounts... Dinis Cruz (Aug 13)
- RE: Locked out local admin accounts... Ed Spencer (Aug 13)
- Re: Locked out local admin accounts... Kazumi Amano (Aug 13)
- <Possible follow-ups>
- RE: Locked out local admin accounts... Dinis Cruz (Aug 13)
- RE: Locked out local admin accounts... Michael Shirk (Aug 13)