+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 24
Wireless Networks Thread, Accounts getting locked!!!! in Technical; This is driving me crazy! admin accounts just getting locked!! Anyway of turning this feature off?...
  1. #1
    IanT's Avatar
    Join Date
    Aug 2008
    Location
    @ the back of my server racks farting.....
    Posts
    1,891
    Thank Post
    2
    Thanked 118 Times in 109 Posts
    Rep Power
    60

    Accounts getting locked!!!!

    This is driving me crazy!

    admin accounts just getting locked!!

    Anyway of turning this feature off?

  2. #2
    mossj's Avatar
    Join Date
    Dec 2008
    Location
    Leicester
    Posts
    1,466
    Thank Post
    157
    Thanked 189 Times in 174 Posts
    Rep Power
    52
    How up to date is your AV? Sounds like conficker to me.... one of the first signs is accounts getting locked out as it trys to guess passwords.

  3. #3
    IanT's Avatar
    Join Date
    Aug 2008
    Location
    @ the back of my server racks farting.....
    Posts
    1,891
    Thank Post
    2
    Thanked 118 Times in 109 Posts
    Rep Power
    60
    Thats a thought, i will check

  4. #4
    IanT's Avatar
    Join Date
    Aug 2008
    Location
    @ the back of my server racks farting.....
    Posts
    1,891
    Thank Post
    2
    Thanked 118 Times in 109 Posts
    Rep Power
    60
    is it worth having this feature as I can turn it off

  5. #5


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,630
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    You can turn it off under group policy, but I'd prefer admin accounts were locked out than brute-forced.

    Possibilities aside from viruses.

    1) A scheduled task running using admin credentials that hasn't been updated after an admin password changed?
    2) A kid messing around, especially if "admin" or "administrator" or "name he can guess" is an admin account.

    What do the event logs say - where are the failed logins coming from? What IP/host? Is it happening to any sort of schedule?

  6. #6
    IanT's Avatar
    Join Date
    Aug 2008
    Location
    @ the back of my server racks farting.....
    Posts
    1,891
    Thank Post
    2
    Thanked 118 Times in 109 Posts
    Rep Power
    60
    Anyone know of any good Conflicker Network Scanners?

  7. #7

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,481
    Thank Post
    297
    Thanked 304 Times in 263 Posts
    Rep Power
    82
    Best way I've found is to use NMap. Download the latest version and run nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]


  8. #8
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106
    Use the Microsoft Malicious Software Removal tool in a startup script. Worked best for me.

  9. #9

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,481
    Thank Post
    297
    Thanked 304 Times in 263 Posts
    Rep Power
    82
    Quote Originally Posted by ChrisH View Post
    Use the Microsoft Malicious Software Removal tool in a startup script. Worked best for me.
    To remove conficker I've also used the Spohos removal tool and the Kaspersky removal tool. Both seem to work well

  10. #10
    rh91uk's Avatar
    Join Date
    Sep 2008
    Location
    UK
    Posts
    876
    Thank Post
    137
    Thanked 132 Times in 114 Posts
    Rep Power
    35
    Oh god Conficker is horrible. I, along with Soulfish at our place, deployed out the Sohpos tool. Works a treat.

    Sophos Conficker Clean-up Tool (network version)

  11. Thanks to rh91uk from:

    BatchFile (2nd December 2009)

  12. #11
    p858snake's Avatar
    Join Date
    Dec 2008
    Location
    Queensland
    Posts
    1,490
    Thank Post
    37
    Thanked 175 Times in 151 Posts
    Blog Entries
    2
    Rep Power
    51
    Symantec detects it as DownUp (theres multipul names for this nasty).

    Make sure you disable autorun on your network, it is how this nasty gets around in some cases.

  13. #12
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106
    The microsoft Tool seemed to be more thorough with scheduled tasks and services that Conficker creates.

  14. #13
    rh91uk's Avatar
    Join Date
    Sep 2008
    Location
    UK
    Posts
    876
    Thank Post
    137
    Thanked 132 Times in 114 Posts
    Rep Power
    35
    The microsoft tool didn't clean it up here ... which was quite weird!

  15. #14
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106
    Quote Originally Posted by rh91uk View Post
    The microsoft tool didn't clean it up here ... which was quite weird!
    Maybe your machines were getting re-infected straight away?

  16. #15
    IanT's Avatar
    Join Date
    Aug 2008
    Location
    @ the back of my server racks farting.....
    Posts
    1,891
    Thank Post
    2
    Thanked 118 Times in 109 Posts
    Rep Power
    60
    Still getting these lock outs, I've installed the Acctinfo.dll tab in AD to look at the lockout info, gonna have to do some digging on this one, been checking over the weekend and some machines are infected with conflicker!

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 14
    Last Post: 10th June 2009, 04:08 PM
  2. Accounts locked out after DC reboot
    By gibit in forum Windows Server 2000/2003
    Replies: 3
    Last Post: 25th February 2009, 10:49 PM
  3. Replies: 13
    Last Post: 17th September 2008, 02:40 PM
  4. Replies: 3
    Last Post: 1st August 2007, 10:00 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •