Account lockout in win2k3 server

  • Thread starter Thread starter cyberdude
  • Start date Start date
C

cyberdude

I'm a relative newbie to win2k3 server and AD, so bear with me.

I have 1 or 2 power users who like to stay logged in for long periods of
time. What generally happens is that at some point they logoff/reboot and
are then locked out. I have to then go to the server and unlock their
account.

I have searched technet for an answer to this, but the links/answers they
had seemed aimed at password policy (using gpedit.msc) not domain policy.
Nothing I've found so far addresses this particular issue.

Any help would be appreciated.

Tom
--
Tom Zucker-Scharff
Systems Administrator
 
Hello,
"cyberdude" <cyberdude@discussions.microsoft.com> schrieb im Newsbeitrag
news:BBEBB624-899F-49FE-AD4E-BB6FB16700E2@microsoft.com...
> I'm a relative newbie to win2k3 server and AD, so bear with me.
>
> I have 1 or 2 power users who like to stay logged in for long periods of
> time. What generally happens is that at some point they logoff/reboot and
> are then locked out. I have to then go to the server and unlock their
> account.
>
does this happen also, if they do not stay logged on for a long time (which
is usually not a good idea anyway, since it may circumvent some Group
Policies, scripts etc).
Check, if they run services or scheduled tasks on their systems under their
account name, but still have the wrong (an old) password stored.
Any events on server / client pointing on this direction?
They enter the proper password for sure?
Best greetings from Germany
Olaf
 
If you didn't change any of the default domain settings, then I don't see
why this would happen. I suspect that maybe these power users have some
applications running under their accounts. Or perhaps someone is trying to
hack into their accounts. Check the Security log on the DC for logon
failures and see if that sheds some light on this.

--
Regards,
Martin X.
MCSA: M


"cyberdude" <cyberdude@discussions.microsoft.com> wrote in message
news:BBEBB624-899F-49FE-AD4E-BB6FB16700E2@microsoft.com...
I'm a relative newbie to win2k3 server and AD, so bear with me.

I have 1 or 2 power users who like to stay logged in for long periods of
time. What generally happens is that at some point they logoff/reboot and
are then locked out. I have to then go to the server and unlock their
account.

I have searched technet for an answer to this, but the links/answers they
had seemed aimed at password policy (using gpedit.msc) not domain policy.
Nothing I've found so far addresses this particular issue.

Any help would be appreciated.

Tom
--
Tom Zucker-Scharff
Systems Administrator
 
Olaf,

thanks for the quick reply.

One of them is running software called SyncBack to sync folders across the
network ( a network folder to their machine for instance). He routinely does
this with his secretary (has it set to run on a daily basis) and that is why
he wants to stay logged in because the software doesn't run as a scheduled
event in windows scheduler. When I asked he said that this syncing has been
having problems lately. But I can't see how this would make a difference
since it uses his login to access the remote computer - at the time his login
is valid, I believe.

I have one admin who is running patch software - Symantec OniPatch every
night to scan for needed patches and then patching machines once the patches
have been tested. This runs under his login as well, which has more rights
than the average user.

Tom
--
Tom Zucker-Scharff
Systems Administrator




"Olaf Engelke [MVP Windows Server]" wrote:

> Hello,
> "cyberdude" <cyberdude@discussions.microsoft.com> schrieb im Newsbeitrag
> news:BBEBB624-899F-49FE-AD4E-BB6FB16700E2@microsoft.com...
> > I'm a relative newbie to win2k3 server and AD, so bear with me.
> >
> > I have 1 or 2 power users who like to stay logged in for long periods of
> > time. What generally happens is that at some point they logoff/reboot and
> > are then locked out. I have to then go to the server and unlock their
> > account.
> >
> does this happen also, if they do not stay logged on for a long time (which
> is usually not a good idea anyway, since it may circumvent some Group
> Policies, scripts etc).
> Check, if they run services or scheduled tasks on their systems under their
> account name, but still have the wrong (an old) password stored.
> Any events on server / client pointing on this direction?
> They enter the proper password for sure?
> Best greetings from Germany
> Olaf
>
 
I forgot to mention that if they get locked out and I unlock the account then
log off the server, the account gets locked again. I have to login to the
server, unlock the account and wait to logoff until after they have entered
their password!

Tom
--
Tom Zucker-Scharff
Systems Administrator




"Olaf Engelke [MVP Windows Server]" wrote:

> Hello,
> "cyberdude" <cyberdude@discussions.microsoft.com> schrieb im Newsbeitrag
> news:BBEBB624-899F-49FE-AD4E-BB6FB16700E2@microsoft.com...
> > I'm a relative newbie to win2k3 server and AD, so bear with me.
> >
> > I have 1 or 2 power users who like to stay logged in for long periods of
> > time. What generally happens is that at some point they logoff/reboot and
> > are then locked out. I have to then go to the server and unlock their
> > account.
> >
> does this happen also, if they do not stay logged on for a long time (which
> is usually not a good idea anyway, since it may circumvent some Group
> Policies, scripts etc).
> Check, if they run services or scheduled tasks on their systems under their
> account name, but still have the wrong (an old) password stored.
> Any events on server / client pointing on this direction?
> They enter the proper password for sure?
> Best greetings from Germany
> Olaf
>
 
Hello Tom,
"cyberdude" <cyberdude@discussions.microsoft.com> schrieb im Newsbeitrag
news:29DCC5FD-A350-4340-BD25-1F9D8B5AC3E8@microsoft.com...
> thanks for the quick reply.
>
> One of them is running software called SyncBack to sync folders across the
> network ( a network folder to their machine for instance). He routinely
> does
> this with his secretary (has it set to run on a daily basis) and that is
> why
> he wants to stay logged in because the software doesn't run as a scheduled
> event in windows scheduler. When I asked he said that this syncing has
> been
> having problems lately. But I can't see how this would make a difference
> since it uses his login to access the remote computer - at the time his
> login
> is valid, I believe.
>
> I have one admin who is running patch software - Symantec OniPatch every
> night to scan for needed patches and then patching machines once the
> patches
> have been tested. This runs under his login as well, which has more
> rights
> than the average user.

did you check services under that account, event log etc?
Best greetings from Germany
Olaf
 
Back
Top