Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 9744 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows 7 AD Account Locking

Chairman_mo

Hi,

I have recently rolled out Safeguard 5.60.1.7 to a Windows 7 professional laptop running on a dell latitude E6420. POA is enabled and working as expected but since the installation the user's AD account is constantly being locked. Also the automatic login of windows does not work either. Each time the user reboots his laptop and logs in to POA, he is subsequently locked out of windows and we have to unlock his account. We have reset his password and this has been updated in POA so AD and POA are synchronising the password change but he is still being locked out constantly. Quite often he is also locked out after simply locking his windows session whilst away from the laptop. None of this happened before the Hard Drive was encrypted. Does anyone have any ideas what this could be?

Many Thanks

Chris

:27169


This thread was automatically locked due to age.
Parents
  • 0

    Hi Chairman_mo,

    the fact that it only occurs after installation of SafeGuard and the the user is also being blocked by just locking his desktop and returning after a while could indicate a failing remote access to the machine.

    I've seen this before in one envrionment and the reason for this issue (if I remember correctly) was, that something (Virus, Worm, Bot Net et cetera) was trying to logon to the machine in the background via RDP (default port: 3389). These failed logons raised the machine / user logon counter until the maximum number of failed logons was reached. The failed logons will not be shown with a logon delay counter, as they occur from a remote location.

    To verify the above, you could try to 

    • Disable RDP on the affected machines (so that no connections onto the machine is allowed)
    • Change the default RDP port (Default port: 3389)

      and check if the machine is still being locked w/o user interaction. On an affected client machine, I've never seen this issue again after changing the default RDP port.

    You might also to check out the following Microsoft KBA which describes Vulnerabilities in Remote Desktop that could allow remote code execution: http://technet.microsoft.com/en-us/security/bulletin/ms12-020

    Due to the fact that the above described issue locked SafeGuard Machines w/o user interaction, we have changed the way machines will be locked when a remote login attempt fails with the release of SafeGuard version 6.

    Cheers,

    Chris 

    :27189
Reply
  • 0

    Hi Chairman_mo,

    the fact that it only occurs after installation of SafeGuard and the the user is also being blocked by just locking his desktop and returning after a while could indicate a failing remote access to the machine.

    I've seen this before in one envrionment and the reason for this issue (if I remember correctly) was, that something (Virus, Worm, Bot Net et cetera) was trying to logon to the machine in the background via RDP (default port: 3389). These failed logons raised the machine / user logon counter until the maximum number of failed logons was reached. The failed logons will not be shown with a logon delay counter, as they occur from a remote location.

    To verify the above, you could try to 

    • Disable RDP on the affected machines (so that no connections onto the machine is allowed)
    • Change the default RDP port (Default port: 3389)

      and check if the machine is still being locked w/o user interaction. On an affected client machine, I've never seen this issue again after changing the default RDP port.

    You might also to check out the following Microsoft KBA which describes Vulnerabilities in Remote Desktop that could allow remote code execution: http://technet.microsoft.com/en-us/security/bulletin/ms12-020

    Due to the fact that the above described issue locked SafeGuard Machines w/o user interaction, we have changed the way machines will be locked when a remote login attempt fails with the release of SafeGuard version 6.

    Cheers,

    Chris 

    :27189
Children
No Data
Unfiltered HTML