Windows 7 Domian account locking
Problem:
PCs running Windows 7 32 or 64 bit Pro Some machines that are domain members
and are apparently using only wireless access... A valid user attempts to login
and misses that password one time will corrupt the PC's domain account within
the PC and a user cannot login. This can be fixed by restoring the PC using
system restore to before the event happened.
If the PC is disconnected from the network a user with an account on the PC can log on
just fine, reconnect the network and work normally until they are required to
log on again. The DC does not see a problem with the PCs account. This does
not happen every time and may have some other commonality but thats all I have
found so far. Can someone please tell me how to prevent this or shed some light on where the problem is;
a domain problem, PC setting, or registry adjustment?
Thank you!
June 20th, 2012 3:52pm
Are there any traces in Event logs?
Are there any special settings in GPO like Wait for network...?
You cannot continue in deeper level of forensics without network monitor data (either from MS or free Wireshark will do the task)
Regards
Milos
Free Windows Admin Tool Kit Click here and download it now
June 20th, 2012 5:53pm
Hi,
Take a look in audit logs on Domain Server. This will tell you why the account is locked.
Juke Chou
TechNet Community Support
June 22nd, 2012 3:46am
So many questions to eliminate possible causes -
You can login with another account to run a system restore?
Is there a screensaver set to require password after running?
How does the computer handle logging on with a brand new account when connected to wifi, does it authenticate with the domain controller and set up a profile?
You say corrupted PC account, what do you mean by this?
Can you connect remotely to the root of the machine when it fails \\pcname\c$ ?
Can you ping the machine?
Any error message when logging in, you must get some sort of message when the logon fails.
Also eventvwr on the client should show some answers at the time the problem occurs.
Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2012 7:42pm
Thank you
for the replys to my question. I know few more things about what circumstances
surround the problem:
1. The DC
has nothing in the log about any problem with the computer account and is not
what is locking it out otherwise doing a system restore would not work. This is
all in the PC Windows 7 system. Doing a system restore on the PC fixes the
domain lockout of the computer account or another way to put it is more like a corrupted
computer account.
2. It seems
that when a user account login is attempted more than one occurrence at the
same time the PC corrupts is domain account for example: a laptop that has been
on wireless is brought back an docked with a wired LAN connection and both are
on. The user logs in and misses the password just once and the PC corrupts the
domain account. OR --- A training center with multiple PC's and more than one
person tries to login using the same training account. The password is missed
(or maybe not) and one or maybe both PC's corrupt their domain account.
Once again
restoring the PC to before the lockout event restores the domain account. AND disconnecting
the PC from the network, logging on with a valid domain user account that is
already cached in the PC, and reconnecting the network will allow the user to
work normally.
Is there a
way to prevent this? I believe I have read somewhere that the PC manages its
account and the registry has something to do with how often the password is
changed?
Any help
would be appreciated. I have training PC's corrupting Domain PC account during
trainings and it is very distracting.
July 5th, 2012 4:18pm
take a look -
http://blogs.technet.com/b/askds/archive/2009/02/15/test2.aspx
Free Windows Admin Tool Kit Click here and download it now
July 6th, 2012 1:46pm
Thanks for
the reply. The link is the most helpful so far. In fact I believe I have read
that some time in my past. I still can't see how the password change procedure
has to do with corrupting the domain account. I'm pretty sure it has something
to do with the password but what conditions will or could cause it to try to
change prematurely?
Could it
have something to do with having two Domain controllers that wold be out of
sync at the moment?
I will see
if I can find the time to positively duplicate the domain account corruption
and report it.
July 6th, 2012 2:07pm
It could also be the NTAUTHORITY\SYSTEM account locking the computer account.
This could be a mapped drive, or a process/service running in the context of this account has a password set with it.
Free Windows Admin Tool Kit Click here and download it now
July 6th, 2012 2:14pm