Admin Account Keeps Getting Locked Out

windows-7 security passwords
7,184

Solution 1

It sounds like a service or a mapped drive is using the admin account with the old password. The error log should show the IP or name of the computer that has the issue.

Solution 2

You will be able to see the events in the Event Viewer why your account is being locked out. It is Event ID 644. Make sure that your Security Audit is set to Success/Failure though to see these errors inside the DC's event log.

Additional, Event ID 529 which is a failed logon attempt should list everywhere that has the wrong credentials saved.

Solution 3

First, i would suggest that you take a look in the event log for event code 4740, it should have the computer name or IP that caused the lock.
If the lock caused by random computers, then check them for a stored credentials in the services, or scheduled tasks, or any other application that the password stored inside it.
Or somewhere in a login script and you forget about it.

Share:
7,184
Chris
Author by

Chris

Updated on September 18, 2022

Comments

  • Chris
    Chris over 1 year

    Ever since I changed the admin password on my work domain, the admin account keeps getting locked out in the morning when users start logging on to their computers. I am not sure why a user logging on to their PC would try to use the admin account, but I keep getting Event 675 with failure code 0x18. After a few of these failed logons, the account is locked out. The User ID in the error is the domain admin and the Client Address is the IP address of a user's computer.

    After everyone is logged on in the morning, the admin account no longer gets locked out--it only happens during the time everyone logs in. I have not seen a pattern as to specific computers causing the lockout (so I do not suspect an attempted security breach).

    Any idea on why this is happening and how I may fix it?

    • joeqwerty
      joeqwerty about 10 years
      Have you checked for a scheduled task that's set to run at user logon that might be using the account in question?
    • Digital Chris
      Digital Chris about 10 years
      Sometimes people set services to start as a network admin because the service needs access to network resources... then they promptly forget they did that. The password for the service could need updating?
  • Chris
    Chris about 10 years
    The logon script uses the admin credentials in it (compiled script). I had changed the password in the script but the updated script did not replicate to all of the domain controllers for some reason. Once I manually copied the new script to the domain controllers, all is good again.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How can I reset the password on a Windows 7 VM under VMware 4 on Mac Lion?
Are the losses of resetting a Windows password reversible?
Can't change or set password in Windows 7
Can I create a Windows user account without the ability for an interactive user login?
Are saved Remote Desktop credentials secure on the local machine?
What is the Windows 7 command-line to remove all remember passwords in Credential Manager?
Is the c++ hash function reasonably safe for passwords?
password limitations in SQL Server and MySql
Determine password expiry date
How to hash a password with SHA512