Why User Account locks every morning?

[John Gong]

Please help! Why is user account locks itself every
night? How do I fix that so the account will not lock at
anytime. Thanks.

 

[Richard Moreno]

Hi-

This can happen for various reasons. Typically it's because the user account
is logged on simultaneously at another workstation, a local service is using
the account and old password, or some application has the user account and
old password associated with it.

Best bet is to check the security log of the domain controller or local
workstation and look for events 539 and 644.

 

[Deji Akomolafe]

If it's happening every morning, then it's a good indication that there is a
scheduled task somewhere that was configured to use this account. It must
have been configured when the password for the account was different. Then
the password was changed and no one remembers to go and change it on the
scheduled task's configuration.

An easy way to trace the source is to enable netlogon logging on your ALL
Domain Controllers (or, at least THE DC close to where the user is located
AND the PDCE). Then examine the Netlogon.log file (usually located in
\\DCName\c$\WINNT\Debug) when the lockout occurs.

To enable netlogon logging on DCs, create a String Value called "DBFlag"
under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
Set the Value to "0x2080ffff"
Restart Netlogon services on the DCs.
Wait, Watch, then examine the netlogon.log file.

HTH

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon