Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 9740 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows 7 AD Account Locking

Chairman_mo

Hi,

I have recently rolled out Safeguard 5.60.1.7 to a Windows 7 professional laptop running on a dell latitude E6420. POA is enabled and working as expected but since the installation the user's AD account is constantly being locked. Also the automatic login of windows does not work either. Each time the user reboots his laptop and logs in to POA, he is subsequently locked out of windows and we have to unlock his account. We have reset his password and this has been updated in POA so AD and POA are synchronising the password change but he is still being locked out constantly. Quite often he is also locked out after simply locking his windows session whilst away from the laptop. None of this happened before the Hard Drive was encrypted. Does anyone have any ideas what this could be?

Many Thanks

Chris

:27169


This thread was automatically locked due to age.
  • 0

    Hi Chairman_mo,

    the fact that it only occurs after installation of SafeGuard and the the user is also being blocked by just locking his desktop and returning after a while could indicate a failing remote access to the machine.

    I've seen this before in one envrionment and the reason for this issue (if I remember correctly) was, that something (Virus, Worm, Bot Net et cetera) was trying to logon to the machine in the background via RDP (default port: 3389). These failed logons raised the machine / user logon counter until the maximum number of failed logons was reached. The failed logons will not be shown with a logon delay counter, as they occur from a remote location.

    To verify the above, you could try to 

    • Disable RDP on the affected machines (so that no connections onto the machine is allowed)
    • Change the default RDP port (Default port: 3389)

      and check if the machine is still being locked w/o user interaction. On an affected client machine, I've never seen this issue again after changing the default RDP port.

    You might also to check out the following Microsoft KBA which describes Vulnerabilities in Remote Desktop that could allow remote code execution: http://technet.microsoft.com/en-us/security/bulletin/ms12-020

    Due to the fact that the above described issue locked SafeGuard Machines w/o user interaction, we have changed the way machines will be locked when a remote login attempt fails with the release of SafeGuard version 6.

    Cheers,

    Chris 

    :27189
  • 0

    Hi Chris,

    Thanks for the suggestion. I spoke with the user on Tuesday and he said that it seemed to be working ok but he would still have to press Ctrl+Alt+Del at the wondows login screen in order to get logged in (he did not have to type in username/password, just pressed Ctrl+Alt+Del). Today he has contacted me to say that he was locked out again so i went ahead and changed the default RDP port on the laptop but after a reboot he logs in at POA fine and laptop stops at the Ctrl+Alt+Del screen but does nothing else. When he presses Ctrl+Alt+Del he is told that his user account is locked and I have to unlock it for him. Is there anything else that could be causing this?

    Thanks,

    Chris

    :27377
  • 0
    I found this once, his AD account may not be locked but check the sophos safeguard account, that might be disabled, you can disable that and even lock the user from using that computer separately from AD. Happened to me once while doing support for my user base.
    :28455
Unfiltered HTML