One of these days I’ll learn how to proofread for coherency :) … I just read what I sent, doesn’t make much sense.
Windows 2K Domain, majority of clients are Windows 2K. Attempts is set <=5 (for obvious reasons I don’t want to say the exact #).
Joe: I thought best practices were to have it set to less than 5? At least that’s what I remember hearing from our auditors… I’ll give anything a try to keep this from happening though, just takes it happening to your boss one time before you have to dedicate a whole day on attempting to fix it. :)
Next time I hear it reported I’ll use EventCombMT to get more forensic data. I know I did it once before, and was discouraged quickly by my findings.
I’ll post more when I get a call (probably later today). Thanks for all the suggestions so far!
Thanks,
Raymond
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of deji Agba
They are very probably XP clients. They very likely have the "fast user switch" option enabled on XP, and Raymond has probably set his lockout threshold somewhere <= 5. I wager that this is the problem, barring the obvious multiple wrong passwords of course.
I know there is a Q article regarding this somewhere on support.microsoft.com. Good luck
Sincerely,
From: Joe
How low is your policy set? If it is 10 or less, reconsider. Think about what the lockout policy is in place to avoid and what a good logical number is to use to accomplish that goal.
Are your machines all W2K+ or what are they?
Do you have logging enabled on your DC's and have you chased the event log entries to see how the requests are coming in (i.e. very quickly or spread out or ?).
joe
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raymond McClinnis
Sent: Tuesday, October 14, 2003 7:40 PM
To: [EMAIL PROTECTED]
Hello All,
We recently implemented the Require Strong Passwords on our WIN2K and it seems that some users get locked out after entering an incorrect password only one time. (I assure you that I allow more than one mistake; I too am human) This was happening before the change, but I am seeing it more now (harder passwords = more mistakes)
The only thing I can think of is that we have multiple remote DCs in a bridged WAN environment, so when someone logs on, it hits a couple of them at the same time and they all count it as an invalid try. That's my theory anyways, I'm open for suggestions.
Thanks,
Raymond
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
