Accounts reset to empty password

Printable View

31st March 2009, 11:06 AM
contink

Accounts reset to empty password

I appreciate this is going to immediately sound like Confiker or some kind of trojan but something tells me it could be some essoteric issue I've missed.

The problem I've got is that two staff accounts have recently reported problems getting into their accounts and after a couple of careful probings it seems that they've managed to get their passwords to reset to empty (ie: none required).

Now, the GPO requires all users to have a password with 5 characters or more so it shouldn't have accepted anything smaller, much less empty. The children are all primary age and we don't have any genius types although I wouldn't put it past one or two to be semi-skilled in resetting a password if they found a machine logged in ;).

Originally I thought that perhaps the issue was down to:
- a machine being logged in and password being reset to empty
- staff members not bothering to read the screen when the password expiry prompt came up and just plugging stuff in, etc... The GPO limitation is the bit that has me stumped though.

Right now I'm running a full virus scan of the systems (using Avast) and I've already made sure Confiker isn't behind this but does anyone had any ideas that I need to cover or possible vectors that might explain this.

Cheers

Martin
31st March 2009, 11:20 AM
SYSMAN_MK

Have you tried to reset the password of a test user on one of these members of staffs PC?

Could be that the GPO isn't applying somewhere?
31st March 2009, 11:26 AM
contink

Quote:

Originally Posted by SYSMAN_MK

Have you tried to reset the password of a test user on one of these members of staffs PC?

Not yet... Strange thing is that the affected users (so far) are Teaching Assistants so they don't have a computer of their own, only machines that are used by numerous other users.

Quote:

Could be that the GPO isn't applying somewhere?

I guess I need to do some digging... Chances are they won't be able to remember the machines they've been using. :bored:

Where's Hercule Poirot when you need him? :)
31st March 2009, 11:32 AM
timzim

Use modelling in GP Management Console to check result of policies applied - I found some of mine were in the wrong order and quickly solved a similar problem.
31st March 2009, 12:23 PM
Michael

That's really weird as I had the same/similar problem this morning on an RM CC3 network. The kids (as it's an Infant school) have no password and the staff have a standard school password.

For some unknown reason when certain children were attempting to logon, it was prompting them to change their password, despite them being unable to change their password (in their user account details). All very weird. In the end, I highlighted all users and set the password again to nothing which seems to have done the trick.

The default domain policy is configured correctly, so who knows why this happened. Maybe a ghost? :p