The netlogon.log file will tell you if he is logging on from anywhere besides his own computer
-------------------------------- Rob Weatherly -------------------------------- -----Original Message----- From: Jason Tolentino [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 06, 2003 5:39 PM To: NT 2000 Discussions Subject: RE: help with windows lockouts Don't know if you got my earlier message.. did you make sure he's not logged onto some computer with and old password? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Balos Sent: Thursday, February 06, 2003 2:39 PM To: NT 2000 Discussions Subject: RE: help with windows lockouts No, I removed his machine and added it back to the domain and still no success. He's been locked out twice since this morning (after the delete/readd of his machine), and will probably be locked out again before the days over. Hmm???? -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 06, 2003 10:06 AM To: NT 2000 Discussions Subject: RE: help with windows lockouts Friggin Lyris Remove and readd the machine to the domain. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: John Balos [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 06, 2003 1:03 PM > To: NT 2000 Discussions > Subject: RE: help with windows lockouts > > > How can I test out if there is a secure channel with the domain? The > user can get to his email, network drive and other network resources. > But at multiple times during the day, he cannot. Obviously, at that > point he's lost the connection. Also, the user doesn't or > hasn't changed > any service rights. All services on his local machine are the same as > they were before this happened. ??? This is really odd. What kind of > negative effect if any would there be if I delete the user > account from > AD? Do you think this would fix the problem? (Even if this did fix the > problem, I still would like to find the cause of this) > > > > -----Original Message----- > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 06, 2003 9:45 AM > To: NT 2000 Discussions > Subject: RE: help with windows lockouts > > Hmm.. Is the PC in a different domain? > > Is it possible that the pc lost its secure channel with the domain? > > Any of the items where the user shows Locally means they are > logged into > the > machine. Remotely usually is an IPC$ conenction or any other > authenticated > Windows Service. > > ------------------------------------------------------ > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -----Original Message----- > > From: John Balos [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, February 06, 2003 12:28 PM > > To: NT 2000 Discussions > > Subject: RE: help with windows lockouts > > > > > > Well, I did download this tool. I ran the psloggedon and it > > queried the > > network for logons. It only found this user logged on to the domain > > locally and remotely. It didn't however tell me that he was > > logged into > > his workstation even though he is...? Maybe I'm missing > something. ( I > > know I am, lol) > > > > John > > > > -----Original Message----- > > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, February 06, 2003 4:24 AM > > To: NT 2000 Discussions > > Subject: RE: help with windows lockouts > > > > Go to http://www.sysinternals.com and grab the PSTools > package (free). > > It > > contains an app called PSLoggedon that will query all active > > machines in > > the > > domain and show you if that user is logged on anywhere else. > > That really > > is > > what this sounds like to me. > > > > ------------------------------------------------------ > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -----Original Message----- > > > From: John Balos [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, February 05, 2003 11:04 PM > > > To: NT 2000 Discussions > > > Subject: RE: help with windows lockouts > > > > > > > > > Yea, I've been there. I know what you talking about. But > > this problem > > > seems different actually. This user will be working fine in > > > outlook, he > > > can access his network drives with no problem and he can > > shut down how > > > system. The first thing that happens to him in the morning > > is that his > > > account is locked out. And then again, he can take a > short break and > > > come back (and I asked him to exit outlook and try logging > > > into outlook > > > again) and he wasn't able to. I then asked him to log off > > and log back > > > on and obviously his account was locked. ???? I don't know. > > > > > > I saved his security event log and I'm reviewing it, and > I can trace > > > back event ids' 529, 539 and a few others as far back as > > > 1/10/2003. This > > > is where I'm at as of now, trying to understand what exactly > > > is causing > > > this account lock out. It could always be someone trying to > > > get in with > > > his user name & password, but I kind of doubt that that's > > what it is. > > > There is some kind of authentication or program usage, or > > > something....??? That is causing this. I don't know. > > > > > > John > > > > > > -----Original Message----- > > > From: Adam Smith [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, February 05, 2003 4:43 PM > > > To: NT 2000 Discussions > > > Subject: Re: help with windows lockouts > > > > > > On Wed, Feb 05, 2003 at 03:24:08PM -0800, John Balos said: > > > > Hello, I have a user who's account is constantly being > > > locked out. We > > > > are in a windows XP/Server 2000 env. Can anyone help out? > > > > > > We experience this problem with users who use E-Mail checking > > > software, > > > or > > > are too idiotic to realize that when Outlook's asking them for a > > > password, > > > it's because they changed it today. > > > > > > The software package that used to be popular around here (called > > > SimpleCheck) is designed to notify you when you have mail > > and put up a > > > list > > > of the new messages on your screen. It didn't, however, > > > notify you that > > > your password was being rejected. Once a user changed > > their password, > > > SimpleCheck would continue checking for email every 'n' > > > minutes and was > > > rejected each time. The more freqently these checks were > > > rejected, the > > > more frequently a user got locked out. > > > > > > Secondly, many users are just too simple to realize that > > > Outlook stores > > > passwords. If they select the 'Remember Password' > option, then are > > > forced > > > to change their password down the track, they are continually > > > challeneged > > > when checking their email until they reset their password in the > > > dialogue > > > box. Some users just keep pressing enter over and over again > > > expecting > > > it > > > to work, and eventually locking themselves out. > > > > > > It is amazing the amount of times I get someone ringing me > > saying they > > > can't check their email and I say to them "Have you changed your > > > password > > > today?" > > > > > > The response is often "Yes." > > > > > > -- > > > Adam Smith > > > Information Technology Officer > > > SAGE Automation Ltd. > > > > > > [EMAIL PROTECTED] > > > http://www.sageautomation.com > > > > > > ------ > > > You are subscribed as [EMAIL PROTECTED] > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > ------ > > > You are subscribed as [EMAIL PROTECTED] > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
