http://support.microsoft.com/default.aspx?scid=kb;EN-US;q264678
I've used this checked build of netlogon.dll before to find out where the accounts are getting locked out at. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q189541 You might want to consider that someone or something like a trojan is running and attempting a brute force dictionary attack against your logons. Check to confirm that your servers are not vulnerable to the null session hack. ----- Original Message ----- From: "Ryan Fennema" <[EMAIL PROTECTED]> To: "MSWinNT Discussions" <[EMAIL PROTECTED]> Sent: Monday, March 18, 2002 10:04 AM Subject: Account lockouts About 1-1/2 months ago we started to have a problem with some of our admin accounts locking out daily. 4 of our 6 NT admins accounts will lockout sometimes several times a day. The first thing I thought was they must have logged onto someone else's machines somewhere, or there is a service running under their name somewhere. But we haven't changed our passwords during this time (90 password change policy). Secondly one of the people getting locked out has a separate username that he uses whenever logging into someone else's computer and that account is fine, it is just his admin account that is locking out. So, I started to scour the logs on the DC's with no avail. There are a few account lockout events (529) and a few failed logon attempts, but none related to anyone that is having this problem. Anyone have any ideas? Configuration: 4 DC's Windows 2000 native domain All DC's running SP2 Audit policy set to log logon failures Thanks, Ryan N. Ryan Fennema, MCSE Network Administrator X-Rite Incorporated - Grandville, MI Phone: (616) 257-2165 Fax: (616) 257-2165 [EMAIL PROTECTED] www.xrite.com ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
