Accout Lockout

  • Thread starter Thread starter zameer
  • Start date Start date
Z

zameer

Hi ALL,


Pls help in this issue recently we implemented GPO by
creating Template.Now a days we are facing problem with
Accout lockout daily when I come to my office I see
atlest 10-20 accout lockout.

1)Domain Level
2)Domain controller Level sec policy

1)Here are the Domain level Policies,

[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 30
MinimumPasswordLength = 6
PasswordComplexity = 0
PasswordHistorySize = 24
LockoutBadCount = 3
ResetLockoutCount = 10080
LockoutDuration = -1
ClearTextPassword = 0
[System Log]
AuditLogRetentionPeriod = 1
RetentionDays = 60
[Security Log]
AuditLogRetentionPeriod = 1
RetentionDays = 60
[Application Log]
AuditLogRetentionPeriod = 1
RetentionDays = 60
[Event Audit]
AuditSystemEvents = 2
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditPrivilegeUse = 3
AuditPolicyChange = 3
AuditAccountManage = 3
AuditDSAccess = 2
AuditAccountLogon = 3
[Kerberos Policy]
MaxTicketAge = 10
MaxRenewAge = 7
MaxServiceAge = 600
MaxClockSkew = 5
TicketValidateClient = 1
[Registry Values]
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateCDRoms=1,0
[Version]
signature="$CHICAGO$"
Revision=1

2)Domain controller sec policy

[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 186
MinimumPasswordLength = 14
PasswordComplexity = 1
PasswordHistorySize = 4
LockoutBadCount = 5
ResetLockoutCount = 30
LockoutDuration = -1
[System Log]
MaximumLogSize = 15360
AuditLogRetentionPeriod = 0
RestrictGuestAccess = 1
[Security Log]
MaximumLogSize = 40960
AuditLogRetentionPeriod = 0
RestrictGuestAccess = 1
[Application Log]
MaximumLogSize = 15360
AuditLogRetentionPeriod = 0
RestrictGuestAccess = 1
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditPrivilegeUse = 3
AuditPolicyChange = 3
AuditAccountManage = 3
AuditProcessTracking = 0
AuditDSAccess = 2
AuditAccountLogon = 3
CrashOnAuditFull = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Par
ameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Paramet
ers\SignSecureChannel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Paramet
ers\SealSecureChannel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Paramet
ers\RequireStrongKey=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Paramet
ers\RequireSignOrSeal=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Paramet
ers\DisablePasswordChange=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstatio
n\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstatio
n\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstatio
n\Parameters\EnablePlainTextPassword=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Par
ameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Control\Session
Manager\ProtectionMode=4,1
MACHINE\System\CurrentControlSet\Control\Session
Manager\Memory Management\ClearPageFileAtShutdown=4,1
MACHINE\System\CurrentControlSet\Control\Print\Providers\L
anMan Print Services\Servers\AddPrinterDrivers=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl
=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnony
mous=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibili
tyLevel=4,4
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilege
Auditing=3,0
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditF
ail=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObje
cts=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
\System\ShutdownWithoutLogon=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
\System\LegalNoticeText=1,Programs and data held on this
system are PRIVATE PROPERTY and may bs accessed only by
authorised users for purposes which have been authorised.
Unauthorised access to this computer material contravenes
company rules,is a criminal offence and may bring
disciplinary action by the company,as well as incur
criminal penalties ans civil damages.If you are not an
authorised user,proceed no further.This system is subject
to routine monitoring of all activities.
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
\System\LegalNoticeCaption=1,UNAUTHORISED ACCESS WARNING!
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
\System\DontDisplayLastUserName=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
\System\DisableCAD=4,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\ScRemoveOption=1,1
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,5
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\CachedLogonsCount=1,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateFloppies=1,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateDASD=1,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateCDRoms=1,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
MACHINE\Software\Microsoft\Non-Driver Signing\Policy=3,1
MACHINE\Software\Microsoft\Driver Signing\Policy=3,1
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-11
SeMachineAccountPrivilege = *S-1-5-32-548,*S-1-5-32-544
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeChangeNotifyPrivilege = *S-1-5-32-544,*S-1-5-11
SeSystemtimePrivilege = *S-1-5-32-549,*S-1-5-32-544
SeCreatePagefilePrivilege = *S-1-5-32-544
SeEnableDelegationPrivilege = *S-1-5-32-544
SeRemoteShutdownPrivilege = *S-1-5-32-549,*S-1-5-32-544
SeIncreaseQuotaPrivilege = *S-1-5-32-544
SeIncreaseBasePriorityPrivilege = *S-1-5-32-544
SeLoadDriverPrivilege = *S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeSecurityPrivilege = *S-1-5-32-544
SeSystemEnvironmentPrivilege = *S-1-5-32-544
SeProfileSingleProcessPrivilege = *S-1-5-32-544
SeSystemProfilePrivilege = *S-1-5-32-544
SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551
SeShutdownPrivilege = *S-1-5-32-544
SeTakeOwnershipPrivilege = *S-1-5-32-544
[Registry Keys]
"MACHINE\SOFTWARE",2,"D:P(A;CI;GR;;;AU)(A;CI;SDGWGR;;;SO)
(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Classes",2,"D:(A;CI;GR;;;WD)"
"MACHINE\SOFTWARE\Microsoft\Command Processor",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Cryptography",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Driver Signing",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Non-Driver Signing",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)
(A;CI;GA;;;SY)"
"MACHINE\SOFTWARE\Microsoft\NTDS",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Ole",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Protected Storage System
Provider",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Rpc",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\SystemCertificates",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore
r\User Shell Folders",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)
(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",2,
"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Ex",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta
ll",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group
Policy",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install
er",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policie
s",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion",2,"D:(A;CI;GR;;;WD)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Accessibility",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\AeDebug",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\AsrCommands",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)
(A;CI;SDGWGR;;;BO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Classes",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Drivers32",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\EFS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)
(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Font Drivers",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\FontMapper",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\IniFileMapping",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Perflib",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Perflib\009",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SecEdit",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Svchost",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Time Zones",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Policies",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)
(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\Clone",1,"D:AR"
"MACHINE\SYSTEM\ControlSet001",1,"D:AR"
"MACHINE\SYSTEM\ControlSet002",1,"D:AR"
"MACHINE\SYSTEM\ControlSet003",1,"D:AR"
"MACHINE\SYSTEM\ControlSet004",1,"D:AR"
"MACHINE\SYSTEM\ControlSet005",1,"D:AR"
"MACHINE\SYSTEM\ControlSet006",1,"D:AR"
"MACHINE\SYSTEM\ControlSet007",1,"D:AR"
"MACHINE\SYSTEM\ControlSet008",1,"D:AR"
"MACHINE\SYSTEM\ControlSet009",1,"D:AR"
"MACHINE\SYSTEM\ControlSet010",1,"D:AR"
"MACHINE\SYSTEM\CurrentControlSet\Control",2,"D:P
(A;CI;GR;;;AU)(A;CI;SDGWGR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Class",1,"D:AR"
"MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard
Layout",2,"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard
Layouts",2,"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers"
,2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\LSA",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl"
,2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",
2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServer
s\winreg",2,"D:P(A;CI;GA;;;BA)(A;CI;GR;;;BO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Security",2,
"D:P(A;CI;GR;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Computername",2,
"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex",2,
"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",
2,"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers",
2,"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Services\EventLog",2,"D:
(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip",2,"D:
(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Enum",1,"D:AR"
"MACHINE\SYSTEM\CurrentControlSet\Hardware
Profiles",1,"D:AR"
"MACHINE\SYSTEM\CurrentControlSet\Services",2,"D:P
(A;CI;GR;;;AU)(A;CI;SDGWGR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Services\EventLog",2,"D:
P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Services\KDC",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Services\NTDS",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust",2,"D:
P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"USERS\.DEFAULT",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)
(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"USERS\.DEFAULT\Software\Microsoft\NetDDE",2,"D:P
(A;CI;GA;;;BA)(A;CI;GA;;;SY)"
"USERS\.DEFAULT\SOFTWARE\Microsoft\Protected Storage
System Provider",1,"D:AR"
[Version]
signature="$CHICAGO$"
Revision=1


Pls help me in this issue
 
Hello Zameer,

Account Lockout issues can be quite difficult to narrow down, alot of the
times the best that can be done via MS Support is to let you know which
computer is causing the lockouts to occur.

Here are some ideas based on the information you have submitted.

General comments:

1. Having a lockout policy of 3 attempts is to low. One bad password
(mistype) will generate 2 bad attempts as we will use Kerberos and then fail
over to NTLM. 15 is the recommendation from Microsoft.

2. Having a lockout policy at without complexity enabled does not make sence
to me.

3. Password policies can only be applied at the domain level.

Somethings to consider:

1. If you implement a lockout policy expect to manage account lockouts, as
they will happen, the lower the number the higher the management costs.

2. A mapped drive that is configured to reconnect at logon will use current
credentials and will not autoupdate.

3. Lots of 3rd party services and software use users credentials. This info
is sometimes cached and old.

4. Find something in common with the lockouts. Look for services running
with users credentials instead of local system.

5. Common culprits are anythings that caches credentials or passes old
credentials automatically, mapped drives, services, scripts, AV software,
remote control software.. etc.

6. Make sure you have the latest service packs for all of your domain
controllers and Exchange. There are some documented bugs in regards to
Win2000 DCs and also Exchange when using Outlook Web Access that can cause
account lockouts.



264678 Increased Account Lockout Frequency in Windows 2000 Domain
http://support.microsoft.com/?id=264678

276541 Unexpected Account Lockouts Caused When Logging On to Outlook from an
http://support.microsoft.com/?id=276541

If you call in to tsupport they will probably need you to enabled Netlogon
logging on all the Domain Controllers in your environement to determine
where the lock outs are coming from:

109626 Enabling Debug Logging for the Net Logon Service
http://support.microsoft.com/?id=109626

Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.








zameer said:
Hi ALL,


Pls help in this issue recently we implemented GPO by
creating Template.Now a days we are facing problem with
Accout lockout daily when I come to my office I see
atlest 10-20 accout lockout.

1)Domain Level
2)Domain controller Level sec policy

1)Here are the Domain level Policies,

[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 30
MinimumPasswordLength = 6
PasswordComplexity = 0
PasswordHistorySize = 24
LockoutBadCount = 3
ResetLockoutCount = 10080
LockoutDuration = -1
ClearTextPassword = 0
[System Log]
AuditLogRetentionPeriod = 1
RetentionDays = 60
[Security Log]
AuditLogRetentionPeriod = 1
RetentionDays = 60
[Application Log]
AuditLogRetentionPeriod = 1
RetentionDays = 60
[Event Audit]
AuditSystemEvents = 2
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditPrivilegeUse = 3
AuditPolicyChange = 3
AuditAccountManage = 3
AuditDSAccess = 2
AuditAccountLogon = 3
[Kerberos Policy]
MaxTicketAge = 10
MaxRenewAge = 7
MaxServiceAge = 600
MaxClockSkew = 5
TicketValidateClient = 1
[Registry Values]
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateCDRoms=1,0
[Version]
signature="$CHICAGO$"
Revision=1

2)Domain controller sec policy

[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 186
MinimumPasswordLength = 14
PasswordComplexity = 1
PasswordHistorySize = 4
LockoutBadCount = 5
ResetLockoutCount = 30
LockoutDuration = -1
[System Log]
MaximumLogSize = 15360
AuditLogRetentionPeriod = 0
RestrictGuestAccess = 1
[Security Log]
MaximumLogSize = 40960
AuditLogRetentionPeriod = 0
RestrictGuestAccess = 1
[Application Log]
MaximumLogSize = 15360
AuditLogRetentionPeriod = 0
RestrictGuestAccess = 1
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditPrivilegeUse = 3
AuditPolicyChange = 3
AuditAccountManage = 3
AuditProcessTracking = 0
AuditDSAccess = 2
AuditAccountLogon = 3
CrashOnAuditFull = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Par
ameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Paramet
ers\SignSecureChannel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Paramet
ers\SealSecureChannel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Paramet
ers\RequireStrongKey=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Paramet
ers\RequireSignOrSeal=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Paramet
ers\DisablePasswordChange=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstatio
n\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstatio
n\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstatio
n\Parameters\EnablePlainTextPassword=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Par
ameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Control\Session
Manager\ProtectionMode=4,1
MACHINE\System\CurrentControlSet\Control\Session
Manager\Memory Management\ClearPageFileAtShutdown=4,1
MACHINE\System\CurrentControlSet\Control\Print\Providers\L
anMan Print Services\Servers\AddPrinterDrivers=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl
=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnony
mous=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibili
tyLevel=4,4
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilege
Auditing=3,0
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditF
ail=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObje
cts=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
\System\ShutdownWithoutLogon=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
\System\LegalNoticeText=1,Programs and data held on this
system are PRIVATE PROPERTY and may bs accessed only by
authorised users for purposes which have been authorised.
Unauthorised access to this computer material contravenes
company rules,is a criminal offence and may bring
disciplinary action by the company,as well as incur
criminal penalties ans civil damages.If you are not an
authorised user,proceed no further.This system is subject
to routine monitoring of all activities.
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
\System\LegalNoticeCaption=1,UNAUTHORISED ACCESS WARNING!
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
\System\DontDisplayLastUserName=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
\System\DisableCAD=4,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\ScRemoveOption=1,1
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,5
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\CachedLogonsCount=1,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateFloppies=1,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateDASD=1,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateCDRoms=1,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
MACHINE\Software\Microsoft\Non-Driver Signing\Policy=3,1
MACHINE\Software\Microsoft\Driver Signing\Policy=3,1
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-11
SeMachineAccountPrivilege = *S-1-5-32-548,*S-1-5-32-544
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeChangeNotifyPrivilege = *S-1-5-32-544,*S-1-5-11
SeSystemtimePrivilege = *S-1-5-32-549,*S-1-5-32-544
SeCreatePagefilePrivilege = *S-1-5-32-544
SeEnableDelegationPrivilege = *S-1-5-32-544
SeRemoteShutdownPrivilege = *S-1-5-32-549,*S-1-5-32-544
SeIncreaseQuotaPrivilege = *S-1-5-32-544
SeIncreaseBasePriorityPrivilege = *S-1-5-32-544
SeLoadDriverPrivilege = *S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeSecurityPrivilege = *S-1-5-32-544
SeSystemEnvironmentrivilege = *S-1-5-32-544
SeProfileSingleProcessPrivilege = *S-1-5-32-544
SeSystemProfilePrivilege = *S-1-5-32-544
SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551
SeShutdownPrivilege = *S-1-5-32-544
SeTakeOwnershipPrivilege = *S-1-5-32-544
[Registry Keys]
"MACHINE\SOFTWARE",2,"D:P(A;CI;GR;;;AU)(A;CI;SDGWGR;;;SO)
(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Classes",2,"D:(A;CI;GR;;;WD)"
"MACHINE\SOFTWARE\Microsoft\Command Processor",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Cryptography",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Driver Signing",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Non-Driver Signing",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)
(A;CI;GA;;;SY)"
"MACHINE\SOFTWARE\Microsoft\NTDS",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Ole",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Protected Storage System
Provider",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Rpc",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\SystemCertificates",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore
r\User Shell Folders",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)
(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",2,
"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Ex",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta
ll",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group
Policy",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install
er",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policie
s",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion",2,"D:(A;CI;GR;;;WD)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Accessibility",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\AeDebug",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\AsrCommands",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)
(A;CI;SDGWGR;;;BO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Classes",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Drivers32",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\EFS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)
(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Font Drivers",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\FontMapper",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\IniFileMapping",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Perflib",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Perflib\009",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SecEdit",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Svchost",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Time Zones",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Policies",2,"D:P(A;CI;GR;;;AU)
(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)
(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\Clone",1,"D:AR"
"MACHINE\SYSTEM\ControlSet001",1,"D:AR"
"MACHINE\SYSTEM\ControlSet002",1,"D:AR"
"MACHINE\SYSTEM\ControlSet003",1,"D:AR"
"MACHINE\SYSTEM\ControlSet004",1,"D:AR"
"MACHINE\SYSTEM\ControlSet005",1,"D:AR"
"MACHINE\SYSTEM\ControlSet006",1,"D:AR"
"MACHINE\SYSTEM\ControlSet007",1,"D:AR"
"MACHINE\SYSTEM\ControlSet008",1,"D:AR"
"MACHINE\SYSTEM\ControlSet009",1,"D:AR"
"MACHINE\SYSTEM\ControlSet010",1,"D:AR"
"MACHINE\SYSTEM\CurrentControlSet\Control",2,"D:P
(A;CI;GR;;;AU)(A;CI;SDGWGR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Class",1,"D:AR"
"MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard
Layout",2,"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard
Layouts",2,"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers"
,2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\LSA",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl"
,2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",
2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServer
s\winreg",2,"D:P(A;CI;GA;;;BA)(A;CI;GR;;;BO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Security",2,
"D:P(A;CI;GR;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Computername",2,
"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex",2,
"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",
2,"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers",
2,"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Services\EventLog",2,"D:
(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip",2,"D:
(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Enum",1,"D:AR"
"MACHINE\SYSTEM\CurrentControlSet\Hardware
Profiles",1,"D:AR"
"MACHINE\SYSTEM\CurrentControlSet\Services",2,"D:P
(A;CI;GR;;;AU)(A;CI;SDGWGR;;;SO)(A;CI;GA;;;BA)
(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Services\EventLog",2,"D:
P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Services\KDC",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Services\NTDS",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS",2,"D:P
(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust",2,"D:
P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)
(A;CI;GA;;;CO)"
"USERS\.DEFAULT",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)
(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"USERS\.DEFAULT\Software\Microsoft\NetDDE",2,"D:P
(A;CI;GA;;;BA)(A;CI;GA;;;SY)"
"USERS\.DEFAULT\SOFTWARE\Microsoft\Protected Storage
System Provider",1,"D:AR"
[Version]
signature="$CHICAGO$"
Revision=1


Pls help me in this issue
Click to expand...
 
Back
Top