-----Original Message-----
"The" administrator account can not be locked out. If you use passprop, then
it is possible I believe to lock it out from network lofon only. Otherwise
you will need to enable auditing of logon events for success and failure on
those machines and look for event ID 644. You could use something like Event
Comb [or third party program] to scan multiple computers on the network
assuming you have administrator access to them. --- Steve
http://is-it-true.org/nt/atips/atips155.shtml
http://tinyurl.com/a5zj
Is there any way to run a report that would tell me which
Windows 2000 workstations or servers on our network have
the local admin account locked out?
Thanks!
.
If I look at the properties of the administrator account
the box next to "locked out" is checked. What would cause
this?
Thanks,
Darryl
-----Original Message-----
"The" administrator account can not be locked out. If you use passprop, then
it is possible I believe to lock it out from network lofon only. Otherwise
you will need to enable auditing of logon events for success and failure on
those machines and look for event ID 644. You could use something like Event
Comb [or third party program] to scan multiple computers on the network
assuming you have administrator access to them. --- Steve
http://is-it-true.org/nt/atips/atips155.shtml
http://tinyurl.com/a5zj
Is there any way to run a report that would tell me which
Windows 2000 workstations or servers on our network have
the local admin account locked out?
Thanks!
.
Steven L Umbach said:If passprop was used, it may be locked out to interactive logon. See if the
administrator can logon at the console, possibly trying safe mode. Normally
the lockout box is grayed out on the administrator account [not sure if
passprop would affect that]. The true administrator account can not be
disabled or removed from the local administrators group. Check to make sure
that the account is indeed the administrator account by checking group
membership on it ["net user administrator" will also work using actual logon
name], though I suppose the original could have been renamed and left a
member of the administrators group. Often the administrator account will be
renamed and a "decoy" administrator will be created that actually is not the
administrator account. When in doubt check membership of the local
administrators group for members, one of which must be the actual
administrator. When looking at accounts, keep in mind that the account
display name [as seen in list of users] may not be the same as the acount
logon name. Sorry if this was confusing! --- Steve
If I look at the properties of the administrator account
the box next to "locked out" is checked. What would cause
this?
Thanks,
Darryl
-----Original Message-----
"The" administrator account can not be locked out. If you use passprop, then
it is possible I believe to lock it out from network lofon only. Otherwise
you will need to enable auditing of logon events for success and failure on
those machines and look for event ID 644. You could use something like Event
Comb [or third party program] to scan multiple computers on the network
assuming you have administrator access to them. --- Steve
http://is-it-true.org/nt/atips/atips155.shtml
http://tinyurl.com/a5zj
Is there any way to run a report that would tell me which
Windows 2000 workstations or servers on our network have
the local admin account locked out?
Thanks!
.
If I look at the properties of the administrator account
the box next to "locked out" is checked. What would cause
this?
Thanks,
Darryl
-----Original Message-----
"The" administrator account can not be locked out. If you use passprop, then
it is possible I believe to lock it out from network lofon only. Otherwise
you will need to enable auditing of logon events for success and failure on
those machines and look for event ID 644. You could use something like Event
Comb [or third party program] to scan multiple computers on the network
assuming you have administrator access to them. --- Steve
http://is-it-true.org/nt/atips/atips155.shtml
http://tinyurl.com/a5zj
Is there any way to run a report that would tell me which
Windows 2000 workstations or servers on our network have
the local admin account locked out?
Thanks!
.