Sounds like you may have a virus running rampant in your environment. What
are you using for virus protection? Do you have an IDS implementation? If
not, you can always enable Netlogon debugging on the domain controllers and
review the log. While this is a crude method of monitoring and I would not
recommend this as a long-term solution, it will give you a quick look and
identify if you have some sort of virus attempting DOS attacks.
http://support.microsoft.com/?id=109626
You will see results in the netlogon log such as these:
11/27 00:50:29 [LOGON] SamLogon: Transitive Network logon of MERCA1VAP\Administrator from MERCA1VAP (via USSTZWS36988914) Entered
11/27 00:47:17 [LOGON] SamLogon: Transitive Interactive logon of PHX-DC\emaexchadmin from TAHOE (via PHXDCW2DC001) Entered
11/27 00:47:17 [LOGON] SamLogon: Transitive Interactive logon of PHX-DC\emaexchadmin from TAHOE (via PHXDCW2DC001) Returns 0xC000006A
0xC000006A = Bad Password.
You may even see messages such as password cannot be cracked. The machine in
this case that is infected in the above example is TAHOE, which is trying to
crack passwords via PHXDCW2DC001.
If domain accounts are getting locked out daily, this could mean that you
may have a more serious problem on your hands, since it is now enumerating
user accounts in your domain and now trying to crack their passwords. I would
also consider implementing account lockout policy as mentioned in the link
posted by Denis Wong in the previous thread.
Best Regards,
John Powell
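One way to turn the Netlogon log review described above into a per-source tally, as an added example that is not part of the original posts. The regular expression covers only the line format quoted in the thread; the two extra status codes, the thresholds, and the host and account names not seen in the thread are assumptions.

```python
import re
from collections import defaultdict

# NTSTATUS codes to count. 0xC000006A is from the post; the other two are
# standard values added for this example.
FAILURES = {"0xC000006A": "bad password", "0xC0000064": "no such user",
            "0xC0000234": "account locked out"}

LINE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\] SamLogon: (?:Transitive )?"
    r"(?P<kind>\w+) logon of (?P<account>\S+) from (?P<src>\S*) ?"
    r"\(via (?P<via>[^)]+)\) Returns (?P<status>0x[0-9A-Fa-f]+)\s*$"
)

def summarize(lines):
    """Group failed logons by the workstation they originated from."""
    stats = defaultdict(lambda: {"failures": 0, "accounts": set(),
                                 "codes": defaultdict(int)})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # "Entered" lines and other Netlogon output
        status = "0x" + m["status"][2:].upper()
        if status not in FAILURES:
            continue  # 0x0 (success) and codes not tracked here
        s = stats[m["src"] or "(unknown)"]  # the source field can be empty
        s["failures"] += 1
        s["accounts"].add(m["account"].lower())
        s["codes"][status] += 1
    return stats

def suspects(stats, min_failures=3, min_accounts=2):
    """Sources failing against several accounts (hypothetical thresholds)."""
    hits = [(src, s) for src, s in stats.items()
            if s["failures"] >= min_failures and len(s["accounts"]) >= min_accounts]
    return sorted(hits, key=lambda h: -h[1]["failures"])

# Constructed sample in the format quoted in the thread; jsmith, nouser, mlee
# and WKS042 are made-up names.
SAMPLE = r"""
11/27 00:47:17 [LOGON] SamLogon: Transitive Interactive logon of PHX-DC\emaexchadmin from TAHOE (via PHXDCW2DC001) Entered
11/27 00:47:17 [LOGON] SamLogon: Transitive Interactive logon of PHX-DC\emaexchadmin from TAHOE (via PHXDCW2DC001) Returns 0xC000006A
11/27 00:47:18 [LOGON] SamLogon: Transitive Interactive logon of PHX-DC\jsmith from TAHOE (via PHXDCW2DC001) Returns 0xC000006A
11/27 00:47:19 [LOGON] SamLogon: Transitive Interactive logon of PHX-DC\nouser from TAHOE (via PHXDCW2DC001) Returns 0xC0000064
11/27 00:47:20 [LOGON] SamLogon: Transitive Interactive logon of PHX-DC\jsmith from TAHOE (via PHXDCW2DC001) Returns 0xC0000234
11/27 00:52:03 [LOGON] SamLogon: Network logon of PHX-DC\mlee from WKS042 (via PHXDCW2DC001) Returns 0xC000006A
11/27 00:52:09 [LOGON] SamLogon: Network logon of PHX-DC\mlee from WKS042 (via PHXDCW2DC001) Returns 0x0
"""
```

Pass the lines of a domain controller's Netlogon log to `summarize()` and review what `suspects()` returns; a single workstation failing against many different accounts stands out from one user mistyping a password.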
Denis Wong @ Hong Kong said:
Mark [MSFT] posted this white paper some threads away. Pls take a look.
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
BR,
Denis
flavio alves said:
Hi, guys
I have a problem with accounts being locked on several and several
clients day by day. 20 or 30 users have their accounts
blocked a day. We have two servers as PDC and BDC, 800
users. I did see in TechNet that there is one problem that can
be corrected with SP2 or SP3, but I have SP4 on all my
servers. What can I do, migrate to Windows 2003 or try to
fix this problem? Ah, my clients are Windows XP.
Flavio Alves