Oh, Windows how do I admin thee? Let me count the ways... On Fri, Nov 20, 2009 at 5:37 PM, Steven Peck <sep...@gmail.com> wrote:
> or PowerShell with Quest Active Directory cmdlets. > > PS:> Get-QADUser -Locked -SizeLimit 0 > > Some options to play with > PS:> $a = Get-QADUser -Locked -SizeLimit 0 > PS:> $a.count > (this will get you a count) > PS:> $a | select DisplayName, Logonname > PS:> $a | ft DisplayName, Logonname, CanonicalName -AutoSize > > PS:> $a | Unlock-QADUser > > Steven > > On Fri, Nov 20, 2009 at 1:47 PM, Kent, Larry CTR USA > <larry.k...@us.army.mil> wrote: > > Classification: UNCLASSIFIED > > Caveats: NONE > > > > Or Set up this query in ADU&C, somewhat useful…. > > > > > > > > > http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/ActiveDirectory/FindAllLocked-OutAccounts.html > > > > > > > > > > > > From: Greg Olson [mailto:gol...@markettools.com] > > Sent: Friday, November 20, 2009 2:33 PM > > To: NT System Admin Issues > > Subject: RE: Conficker Help! > > > > > > > > Go grab the trial version of NetWrix Account lockout Examiner: > > > > http://www.netwrix.com > > > > > > > > It will monitor your domain controllers and look for lockout’s and report > > what machine there coming from. > > > > > > > > > > > > From: Orland, Kathleen [mailto:korl...@rogers.com] > > Sent: Friday, November 20, 2009 6:08 AM > > To: NT System Admin Issues > > Subject: Re: Conficker Help! > > > > > > > > That's what I did with my Conficker hit earlier this year. Also, in spite > of > > the fact it looked as though everyone was infected and popping up virus > > alerts we really only had one infected laptop. McAfee (not my choice to > run) > > was popping up alerts on every PC every time the one infected PC tried to > > use a bad password. I was able to determine alot from checking 1) bad > > password attempts 2) McAfee logs. > > > > ----- Original Message ----- > > > > From: Mayo, Bill > > > > To: NT System Admin Issues > > > > Sent: Friday, November 20, 2009 8:41 AM > > > > Subject: RE: Conficker Help! > > > > > > > > Look for multiple bad password attempts coming from the same source. > > > > > > > > ________________________________ > > > > From: Kelsey, John [mailto:jckel...@drmc.org] > > Sent: Friday, November 20, 2009 8:34 AM > > To: NT System Admin Issues > > Subject: Conficker Help! > > > > Looks like we're getting hit the Conficker this morning. Sophos is > > reporting several hundred 'conficker detected/cleaned' messages, so at > least > > its catching it...BUT....how do I determine the source of the infection? > > Something I can look for with wireshark or something? Apparently there > are > > some unprotected machines on the network. > > > > > > > > Any suggestions are welcome! > > > > > > > > > > > > ******************************* > > John C. Kelsey > > DuBois Regional Medical Center > > (: 814.375.3073 > > 2 : 814.375.4005 > > *: jckel...@drmc.org > > ******************************* > > > > > > > > > > > > This email and any files transmitted with it are confidential and > intended > > solely for the use of the individual or entity to whom they are > addressed. > > If you have received this email in error please notify the system > manager. > > This message contains confidential information and is intended only for > the > > individual named. If you are not the named addressee you should not > > disseminate, distribute or copy this e-mail. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Classification: UNCLASSIFIED > > Caveats: NONE > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~