Users of Windows 7 computers locked out of domain
13 years 10 months ago #36093
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: Users of Windows 7 computers locked out of domain
OK, I'm guessing here.
Do you have mapped network drives or folders that are configured on those PCs, that are NOT often being used?
Permanent drives/folders may have been established with passwords that have already expired. These passwords might have been saved locally (by clicking a check box on a login dialog). Every time the user logs on or restarts his PC, the authentication attempt FAILS when Windows attempts to restore these permanent connections because the LOCAL saved passwords are different from the ones on Active Directory. I think, that if these attempts reach the lockout policy threshold, the account will be locked.
If I'm correct, Why does this happen only on Windows 7? I have no idea.
Did I just tell what you already know?
Do you have mapped network drives or folders that are configured on those PCs, that are NOT often being used?
Permanent drives/folders may have been established with passwords that have already expired. These passwords might have been saved locally (by clicking a check box on a login dialog). Every time the user logs on or restarts his PC, the authentication attempt FAILS when Windows attempts to restore these permanent connections because the LOCAL saved passwords are different from the ones on Active Directory. I think, that if these attempts reach the lockout policy threshold, the account will be locked.
If I'm correct, Why does this happen only on Windows 7? I have no idea.
Did I just tell what you already know?
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
13 years 10 months ago #36094
by steveb13
Replied by steveb13 on topic Re: Users of Windows 7 computers locked out of domain
I did have mapped drives before and saw a forum post where someone said this could be the issue, so I disconnected all mapped drives, but the lockouts still keep happening.
So I have no idea either what the deal is with Windows 7. I'm not sure I actually know anything at this point
So I have no idea either what the deal is with Windows 7. I'm not sure I actually know anything at this point
13 years 10 months ago #36107
by Bublitz
The Bublitz
Systems Admin
Hospice of the Red River Valley
Replied by Bublitz on topic Re: Users of Windows 7 computers locked out of domain
It can be mapped drives, printers, and programs. It can be pretty hard to track down. You'll have to check the computer security and domain controller logs you should see a bunch of failed audits in the logs.
The security logs might give you a hint on whats going on.
Does this machines have network printers or outlook or any programs that request credentials?
Try removing stuff until it works I suppose.
or remove the account lockout policy if thats ok for your organization. Yes it is security but a lockout policy can also be used for denial of service attacks so It can be dual edged sword.
The security logs might give you a hint on whats going on.
Does this machines have network printers or outlook or any programs that request credentials?
Try removing stuff until it works I suppose.
or remove the account lockout policy if thats ok for your organization. Yes it is security but a lockout policy can also be used for denial of service attacks so It can be dual edged sword.
The Bublitz
Systems Admin
Hospice of the Red River Valley
13 years 9 months ago #36128
by rizin
Known is a drop, unknown is an Ocean
Replied by rizin on topic Re: Users of Windows 7 computers locked out of domain
Hi All,
@steveb The problem related to the RID and PDC master role of Five powerful roles known as FSMO aka Flexible single master operations roles in Active Directory Domain Service AD DS.
First of all i would like to collect some info from you. Did you assign the Win 7 USERS any old or existing account names and passwords.
Did you change the e-mail address in account tab from the user properties.
This remedy will be done by google with deep search however i strongly recommend you to go through the above FSMO rules and try to trouble shoot accordingly.
I will also do the same once you give me the detailed info such as, is the server upgraded from Win 2000 and Win 7 users are new or already exists.
Regards,
Rizin
@steveb The problem related to the RID and PDC master role of Five powerful roles known as FSMO aka Flexible single master operations roles in Active Directory Domain Service AD DS.
First of all i would like to collect some info from you. Did you assign the Win 7 USERS any old or existing account names and passwords.
Did you change the e-mail address in account tab from the user properties.
This remedy will be done by google with deep search however i strongly recommend you to go through the above FSMO rules and try to trouble shoot accordingly.
I will also do the same once you give me the detailed info such as, is the server upgraded from Win 2000 and Win 7 users are new or already exists.
Regards,
Rizin
Known is a drop, unknown is an Ocean
Time to create page: 0.143 seconds