A colleague of mine recently encountered this with his account. It turned out that he had stored his credentials on the machine and then, after he had to change his password, he started getting locked out.
For Windows XP, there seem to be user-level and system-level stored passwords. You view them both similarly, but administrators stored passwords seem to always be stored at the system level. To view them, go to: Control Panel > User Accounts > Advanced > Manage Passwords. Unfortunately, you can't view the user-level passwords from there and the only way I've found to view it via the GUI is to be logged in as that user. To view them when you are a non-admin, go to Control Panel > User Accounts. It will ask for an admin password but do not give it one. That would result in seeing the system level passwords you could see as an admin. At the bottom of that dialog box there is a link to manage your passwords. If you click on that link you can see your user-level stored passwords. You can also run "rundll32.exe keymgr.dll, KRShowKeyMgr" without the quotes and it will pull up the Stored Passwords window. It may not be the issue at all but it has been in the past here. Good luck! -----Original Message----- From: Jimmy Tran [mailto:[email protected]] Sent: Wednesday, October 21, 2009 6:56 PM To: NT System Admin Issues Subject: RE: Constantly getting locked of 2003 domain I went to the link and everything checked out ok. This machine isn't mission critical so I could reimage it but I'd like to try to figure out the problem. Thanks, Jimmy -----Original Message----- From: Kennedy, Jim [mailto:[email protected]] Sent: Tuesday, October 20, 2009 6:20 PM To: NT System Admin Issues Subject: RE: Constantly getting locked of 2003 domain Those random letter strings at the bottom are not good. This worm usually blocks most of the anti-virus websites. See if you can get to trendmicro.com or mcafee or symantec. Or hit this link and see if you can see their logo's.... http://www.confickerworkinggroup.org/infection_test/cfeyechart.html Can you just fdisk this machine, or is it mission critical? ________________________________________ From: Jason Morris [[email protected]] Sent: Tuesday, October 20, 2009 4:46 PM To: NT System Admin Issues Subject: RE: Constantly getting locked of 2003 domain Sorry, missed CurrentVersion [cid:[email protected]] From: Jimmy Tran [mailto:[email protected]] Sent: Tuesday, October 20, 2009 3:33 PM To: NT System Admin Issues Subject: RE: Constantly getting locked of 2003 domain This is what I get which looks normal: [cid:[email protected]] Jimmy From: Jason Morris [mailto:[email protected]] Sent: Tuesday, October 20, 2009 1:10 PM To: NT System Admin Issues Subject: RE: Constantly getting locked of 2003 domain Thats because Conficker runs as the Network Services Account. Look under: HKLM\Software\Microsoft\Windows NT\SVCHost\NETSVCS and see if there is any gobbledygook at the bottom of the entries. Ths your DLL that is running under Windows\System32. From: Jimmy Tran [mailto:[email protected]] Sent: Tuesday, October 20, 2009 3:08 PM To: NT System Admin Issues Subject: RE: Constantly getting locked of 2003 domain No services running under my account when logged in as a different user. Jimmy From: Roger Wright [mailto:[email protected]] Sent: Tuesday, October 20, 2009 1:06 PM To: NT System Admin Issues Subject: Re: Constantly getting locked of 2003 domain Any services running under your account with an old password? Roger Wright ___ Sent from Tampa, FL, United States On Tue, Oct 20, 2009 at 4:00 PM, Jimmy Tran <[email protected]<mailto:[email protected]>> wrote: Every 5 minutes or so, I get lock out of our domain. I ran EventCombMT and traced it back to a specific machine. Does anyone have any suggestions on what I can do to figure out what program/service is attempting to contact the DC with an incorrect password?ve been dealing with this all morning and it is driving me crazy. Windows 2003 Domain Windows XP SP3 machine Thanks, Jimmy ------------------------------------------------------------------------------------------ The pages accompanying this email transmission contain information from MJMC, Inc., which is confidential and/or privileged. The information is to be for the use of the individual or entity named on this cover sheet. If you are not the intended recipient, you are hereby notified that any disclosure, dissemination, distribution, or copying of this communication is strictly prohibited. If you received this transmission in error, please immediately notify us by telephone so that we can arrange for the retrieval of the original document. ------------------------------------------------------------------------------------------ The pages accompanying this email transmission contain information from MJMC, Inc., which is confidential and/or privileged. The information is to be for the use of the individual or entity named on this cover sheet. If you are not the intended recipient, you are hereby notified that any disclosure, dissemination, distribution, or copying of this communication is strictly prohibited. If you received this transmission in error, please immediately notify us by telephone so that we can arrange for the retrieval of the original document. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
