Is a service configured to use a domain account on the machine? How about a scheduled task with stored credentials?
Viewing the logon type number should help narrow this down 2009/10/22 KenM <[email protected]> > I didnt read through all the replies so I do not know if this was > recomended or not > http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en > > > > > > On Wed, Oct 21, 2009 at 7:40 PM, Jimmy Tran <[email protected]> wrote: > >> Joe: When I go to control panel > user accounts > advanced > manage >> passwords, I don't see anything in there. I was logged as myself as well. >> I did start deleting some apps that I thought could have been causing the >> problem so lets see if the problem still continues. >> >> Sean: I did restart many times. >> >> -Jimmy >> >> -----Original Message----- >> From: Joe Tinney [mailto:[email protected]] >> Sent: Wednesday, October 21, 2009 4:32 PM >> To: NT System Admin Issues >> Subject: RE: Constantly getting locked of 2003 domain >> >> A colleague of mine recently encountered this with his account. It turned >> out that he had stored his credentials on the machine and then, after he had >> to change his password, he started getting locked out. >> >> For Windows XP, there seem to be user-level and system-level stored >> passwords. You view them both similarly, but administrators stored passwords >> seem to always be stored at the system level. To view them, go to: Control >> Panel > User Accounts > Advanced > Manage Passwords. >> >> Unfortunately, you can't view the user-level passwords from there and the >> only way I've found to view it via the GUI is to be logged in as that user. >> To view them when you are a non-admin, go to Control Panel > User Accounts. >> It will ask for an admin password but do not give it one. That would result >> in seeing the system level passwords you could see as an admin. At the >> bottom of that dialog box there is a link to manage your passwords. If you >> click on that link you can see your user-level stored passwords. >> >> You can also run "rundll32.exe keymgr.dll, KRShowKeyMgr" without the >> quotes and it will pull up the Stored Passwords window. >> >> It may not be the issue at all but it has been in the past here. >> >> Good luck! >> >> -----Original Message----- >> From: Jimmy Tran [mailto:[email protected]] >> Sent: Wednesday, October 21, 2009 6:56 PM >> To: NT System Admin Issues >> Subject: RE: Constantly getting locked of 2003 domain >> >> I went to the link and everything checked out ok. This machine isn't >> mission critical so I could reimage it but I'd like to try to figure out the >> problem. >> >> Thanks, >> >> Jimmy >> >> -----Original Message----- >> From: Kennedy, Jim [mailto:[email protected]] >> Sent: Tuesday, October 20, 2009 6:20 PM >> To: NT System Admin Issues >> Subject: RE: Constantly getting locked of 2003 domain >> >> >> Those random letter strings at the bottom are not good. This worm usually >> blocks most of the anti-virus websites. See if you can get to >> trendmicro.com or mcafee or symantec. Or hit this link and see if you can >> see their logo's.... >> >> http://www.confickerworkinggroup.org/infection_test/cfeyechart.html >> >> Can you just fdisk this machine, or is it mission critical? >> >> ________________________________________ >> From: Jason Morris [[email protected]] >> Sent: Tuesday, October 20, 2009 4:46 PM >> To: NT System Admin Issues >> Subject: RE: Constantly getting locked of 2003 domain >> >> Sorry, missed CurrentVersion >> >> [cid:[email protected]] >> >> From: Jimmy Tran [mailto:[email protected]] >> Sent: Tuesday, October 20, 2009 3:33 PM >> To: NT System Admin Issues >> Subject: RE: Constantly getting locked of 2003 domain >> >> This is what I get which looks normal: >> >> >> >> [cid:[email protected]] >> >> Jimmy >> >> From: Jason Morris [mailto:[email protected]] >> Sent: Tuesday, October 20, 2009 1:10 PM >> To: NT System Admin Issues >> Subject: RE: Constantly getting locked of 2003 domain >> >> Thats because Conficker runs as the Network Services Account. >> >> Look under: >> HKLM\Software\Microsoft\Windows NT\SVCHost\NETSVCS and see if there is any >> gobbledygook at the bottom of the entries. Ths your DLL that is running >> under Windows\System32. >> >> >> >> From: Jimmy Tran [mailto:[email protected]] >> Sent: Tuesday, October 20, 2009 3:08 PM >> To: NT System Admin Issues >> Subject: RE: Constantly getting locked of 2003 domain >> >> No services running under my account when logged in as a different user. >> Jimmy >> >> >> From: Roger Wright [mailto:[email protected]] >> Sent: Tuesday, October 20, 2009 1:06 PM >> To: NT System Admin Issues >> Subject: Re: Constantly getting locked of 2003 domain >> >> Any services running under your account with an old password? >> >> >> Roger Wright >> ___ >> >> Sent from Tampa, FL, United States >> On Tue, Oct 20, 2009 at 4:00 PM, Jimmy Tran <[email protected]<mailto: >> [email protected]>> wrote: >> Every 5 minutes or so, I get lock out of our domain. I ran EventCombMT >> and traced it back to a specific machine. Does anyone have any suggestions >> on what I can do to figure out what program/service is attempting to contact >> the DC with an incorrect password?ve been dealing with this all morning and >> it is driving me crazy. >> >> >> Windows 2003 Domain >> Windows XP SP3 machine >> >> Thanks, >> >> Jimmy >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> ------------------------------------------------------------------------------------------ >> >> The pages accompanying this email transmission contain information from >> MJMC, Inc., which >> >> is confidential and/or privileged. The information is to be for the use of >> the individual >> >> or entity named on this cover sheet. If you are not the intended >> recipient, you are >> >> hereby notified that any disclosure, dissemination, distribution, or >> copying of this >> >> communication is strictly prohibited. If you received this transmission in >> error, please >> >> immediately notify us by telephone so that we can arrange for the >> retrieval of the original >> >> document. >> >> >> >> >> >> >> >> >> >> >> ------------------------------------------------------------------------------------------ >> The pages accompanying this email transmission contain information from >> MJMC, Inc., which >> is confidential and/or privileged. The information is to be for the use of >> the individual >> or entity named on this cover sheet. If you are not the intended >> recipient, you are >> hereby notified that any disclosure, dissemination, distribution, or >> copying of this >> communication is strictly prohibited. If you received this transmission in >> error, please >> immediately notify us by telephone so that we can arrange for the >> retrieval of the original >> document. >> >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > > > > > > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." http://raythestray.blogspot.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
