I have a user (XP pro) who gets locked out of her account every day.

By btoohey ·
Every evening after the user leaves I go into AD and unlock her account the next morning she is locked again. I've made a completely new profile on the pc and in AD and she is still getting locked out. I've unplugged the pc's power to rule out the Auto startup we have running and had no luck.
Any ideas are MUCH appreciated

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

account lookout, how do you find prior drive mapping?

by Jxoco In reply to Account Lockout

We have the same thing with one of our users. A long time user, but we just instituted password changing after 30 days.
So if she has a drive mapping 'out there' how can I find the machine that the mapping is on.
Like a needle in a haystack we have about 700 machines on the network. How can I narrow it down?

Collapse -

Try this...

by MrRich In reply to account lookout, how do y ...

You ought to be able to check her logons on your DC's event log. Once you know which machines she has used its easy, just check those workstations for the drive mappings.
RDP to the workstation and log in as the user.
(Which may mean changing her password again...)

Another way would be to set her a logon script that lists the mapped drives to a file. Run that for a few days and see what you get.

Collapse -


by lyle In reply to I have a user (XP pro) wh ...

Many users type the password incorrectly or do not remember it. How many tries does she get before being locked out? Is she in the habit of always having the Caps Lock on? Also with many systems requiring several passwords - Domain, AS/400, Firewall, etc. it is easy to confuse even appearantly savvy users as to which password is used when.

Collapse -

Has user login into server or other computer?

by bmacias In reply to I have a user (XP pro) wh ...

Has the user logged into another computer or server (terminal Server) since last password change? I don't suppose you have any logging or alert system turned on that would tell you which machine is making the calls (You using sitescope)? The Lockout could be caused by a service or schedule task running with user's old credentials (I hold company lock out record for that one).

Collapse -

This was most common

by 308Tom In reply to Has user login into serve ...

A user who "forgot" they had logged on to another computer, failed to logoff AND had changed their password in the interim has been my most common cause of this issue. Usually they only "remember" after you find the offending workstation.

Check the Domain Controller security logs to find what may be a 529 error or a Kerberos error 0x18 and may have the user's ID in it. That will yield the IP address of the station that is trying to authenticate with a bad password and triggering the lockout.

Another possibility is the user mapped a persistent static drive with their credential while another user was logged in on another machine - and subsequently changed their password.

Again back to the Domain Controller security logs to find the offending IP.

Collapse -

Saved passwords?

by bconley In reply to I have a user (XP pro) wh ...

Perhaps at some point she saved a password that authenticates her to some domain resource such as authenticating to a file share or IIS site. We have a analytical cell counter instrument that uses IIS.

Collapse -

Things that worked for me.....

by cawallace007 In reply to I have a user (XP pro) wh ...

This has only happened after a password change for my users, including myself.

It gets fixed by doing the following, not sure which one.

Turn off cache mode in MS Outlook.
Delete and recreate any printers or drive mappings that were created locally versus through domain login.

Collapse -

I have a user (XP pro) who gets locked out of her account every day.

by issy_3 In reply to I have a user (XP pro) wh ...

Check for any services that might be running with that account, i had a similar situation and that was the problem


Collapse -

Lock out in AD

by sylesh.charan In reply to I have a user (XP pro) wh ...

Please make sure the user does a proper logout procdure from the desktop or laptop client. Once you have confirmed, check the users has got no logout script in AD that runs when the users logout. let me know.


Collapse -

Check your server tapes.

by fredscomprepair In reply to I have a user (XP pro) wh ...

Do you have your server, set to backup each evening? It may be resetting the lock-out with the backups, if you get my drift??

Related Discussions

Related Forums