Security Basics mailing list archives
RE: Account lockout
From: "Brian Stoneburner (Postmaster)" <bstoneburner () wcisteel com>
Date: Tue, 14 Jan 2003 13:14:09 -0500
Alex,
It would seem the way you are doing this has some problems. Here is some
advice:
Create a service account to run your scripts under.
Rename your admin account and change the passowrd. Put the password in a
safe. Give the combination to the CIO.
Create a domain admin account for each of your admins and enable auditing.
Never setup services running from the "primary" administrator account -
always use a service account.
Use auditing to determine what is account is being logged into. With this
information you can determine
if you have a rogue admin user.
Brian
-----Original Message-----
From: Alex Tarata [mailto:atarata () bigpond net au]
Sent: Saturday, January 11, 2003 11:42 PM
To: security-basics () securityfocus com
Subject: Account lockout
Hi all,
Im not sure if this is the right place to post this but anyway here it goes:
recently at our organization we have changed an admin password on the domain
controllers and we had to reboot all the servers involved and relog them
with the new password. All went good apart from some small things we have
managed to solve. The problem occured when some guy changed the password on
the DCs again thinking the password was wrong. When he found out that the
password was indeed right he changed it back to what it was initially. Now
we are experiencing problems with account lockouts very often. What I am
thinking is that the servers might need to be rebooted and relogged with the
password AGAIN. Is this true or should I look for another cause of the
lockout ?
Just to make more clear what we did when we changed the pass is: we changed
the pass on all the scripts using that account, checked all the services
using that account, checked all the web, SQL services that could be using
that account and also the scheduled tasks.
But obviosly there is something wrong as the account is still being locked
out. If you have any ideas please mail me as this is very important and I am
running out of ideeas.
Regards,
Alex
Current thread:
- Account lockout Alex Tarata (Jan 14)
- RE: Account lockout Brian Stoneburner (Postmaster) (Jan 15)
- Re: Computer Forensics David Andersson (Jan 22)
- Re: Computer Forensics Gene Yoo (Jan 23)
- Re: Computer Forensics John Smit (Jan 24)
- Re: Computer Forensics David Andersson (Jan 22)
- <Possible follow-ups>
- RE: Account lockout Smith, Paul C. (Jan 14)
- RE: Account lockout Benjamin Meade (Jan 15)
- RE: Account lockout Anthony, Shayla (Jan 15)
- RE: Account lockout Anthony, Shayla (Jan 15)
- RE: Account lockout Lachlan McGill (Jan 15)
- RE: Account lockout Lubrano di Ciccone, Christophe (DEF) (Jan 21)
- RE: Account lockout Brian Stoneburner (Postmaster) (Jan 15)