Windows 7 PC account keeps locking out

elrasho · 30 Jun 2011 at 14:49

I have a user at work on a Windows 7 PC thats connected to Windows Server 2008 and it keeps getting its account locked out at random times. I have to open AD and unlock it every time. I've tried all the methods here: http://social.technet.microsoft.com...y/thread/0f88e0b6-7aa0-4917-bd06-68f77f14493e

I have no idea what it could be, I'm tempted to create a new user account for him but thats not really a fix is it. Any help would be greatly appreciated.

paradigm · 30 Jun 2011 at 15:03

Best guess, a piece of software installed that has an old set of AD credentials remembered, either for proxy or folder access to something or other.

Seen it many times before with apps that have auto-updaters.

elrasho · 30 Jun 2011 at 15:04

Is there a way I can scan for software that uses AD credentials, there is a lot of software on that PC.

paradigm · 30 Jun 2011 at 15:07

Nope. But it will be something that's always running. 9 times out of 10 it will be something resident in the systray.

elrasho · 30 Jun 2011 at 15:28

paradigm said:
Nope. But it will be something that's always running. 9 times out of 10 it will be something resident in the systray.

OK thanks I guess I'll have to go through each one by one

citizenx13 · 30 Jun 2011 at 16:10

Is the user clued up enough to mat to a drive and perhaps mapped using "connect as different user" and has changed the password since? Had that happen to me once.
In a nut shell something is accessing a network recourse (could be on another PC as well) with an old/wrong password.

Good luck this kind of issue is never easy.

perhaps recreating his local account (on the PC)couild help?
log in as administrator go to C:\Documents and Settingsa and RENAME the account buy adding "_old" ("USERNAME_old") on the end DONT DELETE IT!!! and get teh user to log in again
you can always revert to the acount by removing "_old"

MuttsNutts · 1 Jul 2011 at 14:15

Check the Audit logs on the PC & Server, may point you in the right direction?

Also how many logon fail attempts are set before account lockout?

smargh · 1 Jul 2011 at 18:45

I've seen all of these at some point:

- IE magically remembering a password. Reset settings, clear cache.
- control userpasswords2, manage passwords, delete all cached.
- services running as them
- applications set to auto-update with their [proxy] credentials
- network drives with saved incorrect alternative credentials
- scheduled tasks
- logged on to pc with old password (lock+unlock with newest pw to resolve)
- DCOM/COM identiy set with old credentials (admin tools->component admin)
- IIS app pool using old credentials (frequent occurence for software developers at my job)
- .net application set to use old password
- someone is trying to map a drive which is or was hosted on the PC concerned.
- ActiveSync and a Windows Mobile device - old pw stored on the device itself.
- Device/PDA/smartphone trying to retrieve mail via OWA SSL proxy with old credentials
- Old logon session to a different PC with a previous password

Alternatively, use the Account Lockout Tools:
http://technet.microsoft.com/en-us/library/cc738772(WS.10).aspx

The frequency and reliability of the incorrect password attempts can be of interest, i.e. every X hours or X days, or only on startup, or if it also happens when nobody is logged on to the PC.

The first point of call is to enable local success & failure security failure auditing (logon & account logon events) within secpol.msc.