Users locking themselves out a lot can be something as simple as them forgetting their password. Some things you haven't mentioned that might help some of us better answer your question would be as follows:

What exactly is your password policy? Are you enforcing the policy from the Primary Domain Controller? Are your clients configured to accept the password policy from the Primary Domain Controller? Is the user logging onto any workstations that will not accept logins from global groups of which his/her account is currently a member?

If the answer to any or all of the questions is yes, it is possible someone thinks it's funny to lock out another person's account continually, i.e. typing in the victim(s) username/no-password the amount of times the domain controller or local machine has set for account lockouts. If the person is logging onto a workstation where access is restricted to certain global groups, this may also lock a user out. Again, it could also be the person has forgotten their password. If you have a strong password policy in place, it is not uncommon to have 10-20 account unlocks per week for a large userbase.

If the answer to any of the questions above is no, I would consider enabling security audits on each workstation being enabled to log each transaction for the netlogon service.

Cheers
Keith J. Kronenbitter

--- Lists <[EMAIL PROTECTED]> wrote:
>
> Network info:
>
> NT 4 server network with W2KPro clients.
>
>
> Situation:
>
> We have a user that keeps getting their NT account locked out for reasons that we are not yet aware. Unable to get much info from Event Viewer on NT4 servers or W2KPro client. Don't know if this is being done by someone intentionally (somewhere on the network or from the client's computer) just to give us a hard time, or a rogue program somewhere on the network or client's computer trying to logon as that user. At this time, we are not ruling anyone out, everyone is suspect.
>
> We have replaced the client's computer (not totally, user copied shortcuts and some files back to the new desktop...I know, if it was up to me they would not have been allowed to do this, but it's not up to me) and the account is still getting locked out. We are in the process of creating a new NT account for this user and see if it still occurs.
>
>
> Bottom Line:
>
> We need to find out what is causing this account to get locked out and prevent it from happening again.
>
>
> Some thoughts:
>
> Is there third party software that will be able to determine what is causing this account to get locked out? Some sort of sniffing program on the server or the client to find out what program is trying to logon with this account and from where?
>
> If this is a user doing this intentionally, what are they doing and from where? Are they trying to connect remotely to the client's registry, or to a share on the client computer?
>
> Is there third party software that can help?
>
> Any suggestions/recommendations welcome.
>
>
>
> Thanks,
> Jack
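Added example, not part of either message above: once logon auditing is enabled as suggested in the reply, the question of where the bad logons come from can be answered by tallying failed-logon events that precede each lockout. The sketch assumes the Security log has been exported to CSV with the constructed column layout shown (user names, workstation names and timestamps are invented); 529 and 644 are the NT4/Windows 2000 event IDs for a bad-password logon failure and an account lockout.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

FAILED_LOGON = 529   # NT4/W2K: logon failure, unknown user name or bad password
LOCKED_OUT = 644     # NT4/W2K: user account locked out

# Constructed sample data; the column layout is an assumption, not a native export format.
SAMPLE = """time,event_id,user,workstation,logon_type
2002-06-10 08:01:12,529,jdoe,WKS-014,3
2002-06-10 08:01:14,529,jdoe,WKS-014,3
2002-06-10 08:01:15,529,jdoe,WKS-014,3
2002-06-10 08:01:16,644,jdoe,PDC01,
2002-06-10 09:30:02,529,asmith,WKS-022,2
2002-06-10 11:45:40,529,jdoe,WKS-031,2
2002-06-10 13:00:01,529,jdoe,WKS-014,3
2002-06-10 13:00:03,529,jdoe,WKS-014,3
2002-06-10 13:00:04,529,jdoe,WKS-014,3
2002-06-10 13:00:05,644,jdoe,PDC01,
"""

def lockout_sources(text, user, window=timedelta(minutes=30)):
    """For each lockout of `user`, count the failed logons inside the
    preceding window, grouped by (workstation, logon type)."""
    rows = [r for r in csv.DictReader(io.StringIO(text))
            if r["user"].lower() == user.lower()]
    for r in rows:
        r["time"] = datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S")
    failures = [r for r in rows if int(r["event_id"]) == FAILED_LOGON]
    report = []
    for lock in (r for r in rows if int(r["event_id"]) == LOCKED_OUT):
        tally = Counter(
            (f["workstation"], f["logon_type"])
            for f in failures
            if lock["time"] - window <= f["time"] <= lock["time"]
        )
        # most_common() puts the noisiest source first
        report.append((lock["time"], tally.most_common()))
    return report

if __name__ == "__main__":
    for when, sources in lockout_sources(SAMPLE, "jdoe"):
        print(when, sources)
```

Logon type 3 is a network logon and type 2 is interactive, so a repeated type 3 source points at a connection made from that machine rather than someone typing at the locked-out user's own console.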
