user account locking out in AD

Kai123 Member Posts: 364
Hello forum,

I have a user that keeps getting locked out of his profile every 15 minutes. I have downloaded software from Netwrix (Account Lockout Examiner Console) which is pointing to a PC that the user has used in the past.

His profile is not under Users and Settings. Is there a better place to look regarding who has their password stored on a machine? Maybe even somewhere in the registry that keeps domain profiles and passwords that I can browse through.

It’s very frustrating knowing it's coming from said PC and not knowing enough to solve the issue. It feels like I'm 5 clicks away from nailing this.
Kai.

Comments

  • GAngel Member Posts: 708
    Download Account Lockout and Management Tools from Official Microsoft Download Center

    Also go on his machine and check his machine does not have a saved pw; this is usually the issue.
    win 7 > ctrl panel > user acct > manage credentials.
  • BradleyHU Member Posts: 918
    ^^^
    I was gonna suggest LockOutStatus too....
    Graduate of the REAL HU & #1 HBCU...HAMPTON UNIVERSITY!!! #shoutout to c/o 2004
    WIP: 70-410(TBD) | ITIL v3 Foundation(TBD)
  • cruwl Member Posts: 341
    There are a few posts about this exact issue here with a lot of good troubleshooting in them. He could have a service set to run as his account, or a scheduled task, etc.
  • Kai123 Member Posts: 364
    The PC he is using is "PC01" and the PC being flagged is "PC03". He is definitely not logged onto PC03 but the lockout software says he is. On PC01, his credentials are set in Windows (his username and password). That should actually be the problem, and it would make sense if the software was flagging PC01 instead of PC03.

    I will delete his local password settings tomorrow morning, and that should hopefully solve the issue. It makes sense, since no-one should have "local" stored password settings when they are logging in via the domain.
  • colemic Member Posts: 1,569
    As a test you could just try unplugging PC03 and seeing if his acct still gets locked out, then do the same w/ PC01. That will definitely tell you which PC is caching old credentials.
    Working on: staying alive and staying employed
  • Kai123 Member Posts: 364
    colemic wrote: »
    As a test you could just try unplugging PC03 and seeing if his acct still gets locked out, then do the same w/ PC01. That will definitely tell you which PC is caching old credentials.

    PC03 is a critical machine. I had thought about logging him out but the software was correct in the first place, I was just looking in the wrong place on the machine.

    It was PC03 though, found his password credentials in "manage network passwords". The other system admins are very happy with the piece of software I found, since before they would create a new account entirely. This way is much faster.
  • LeifAlire Member Posts: 106
    Use EventCombMT.exe from Account Management Tools from Microsoft. If the lockout is coming from within your network you will find it using that tool.
    2015 Goals: VCP-550 - CISA - 70-417
  • BradleyHU Member Posts: 918
    There's also QRadar from IBM....
    Graduate of the REAL HU & #1 HBCU...HAMPTON UNIVERSITY!!! #shoutout to c/o 2004
    WIP: 70-410(TBD) | ITIL v3 Foundation(TBD)
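The checks suggested across this thread (lockout source, services, scheduled tasks, stored credentials), collected as an added PowerShell example that was not posted by any participant. `jdoe` is a placeholder user name; the script assumes the ActiveDirectory RSAT module, WinRM access to the flagged PC, and English-language `schtasks` output.

```powershell
# Added example, not from the thread. 'jdoe' is a placeholder account name;
# 'PC03' is the machine the lockout tool flagged in the discussion above.
param(
    [string]$User      = 'jdoe',
    [string]$SuspectPC = 'PC03'
)

# 1. Account lockouts are logged as event 4740 in the Security log of the
#    PDC emulator. In that event, field 0 is the locked account and field 1
#    is the caller computer name (the machine sending the bad password).
Import-Module ActiveDirectory
$pdc = (Get-ADDomain).PDCEmulator

Get-WinEvent -ComputerName $pdc -MaxEvents 500 -FilterHashtable @{
        LogName = 'Security'; Id = 4740 } |
    Where-Object { $_.Properties[0].Value -eq $User } |
    Select-Object TimeCreated,
        @{ n = 'User';           e = { $_.Properties[0].Value } },
        @{ n = 'CallerComputer'; e = { $_.Properties[1].Value } } |
    Format-Table -AutoSize

# 2. Services on the flagged machine configured to log on as the user.
#    (Get-CimInstance -ComputerName needs WinRM enabled on the target.)
Get-CimInstance -ComputerName $SuspectPC -ClassName Win32_Service |
    Where-Object { $_.StartName -like "*$User*" } |
    Select-Object Name, StartName, State |
    Format-Table -AutoSize

# 3. Scheduled tasks on the flagged machine that run as the user.
#    schtasks works against Windows 7 targets; the 'Run As User' column
#    name is what English-language systems emit.
schtasks /query /s $SuspectPC /fo csv /v |
    ConvertFrom-Csv |
    Where-Object { $_.'Run As User' -like "*$User*" } |
    Select-Object TaskName, 'Run As User', Status |
    Format-Table -AutoSize

# 4. Stored credentials are kept per Windows profile, so this only lists
#    entries saved by the account running it. Run it on the flagged machine
#    in the session of whoever saved the password, then delete the stale
#    entry with: cmdkey /delete:<target shown in the list>
cmdkey /list
```

Step 1 needs rights to read the domain controller's Security log; steps 2 and 3 need local administrator rights on the flagged machine.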