AD Account being locked out on reboot

smanuel

Good day,

I have a domain user that is having his account get locked out when a workstation reboots, and only when it reboots.

I have identified what workstation is causing it, but cannot find anything on the computer that is using his account. I have checked the services and any mapped drives and nothing. I have read through the event log and I can't seem to find anything there either.

There is nothing in the credential manager and he hasn't installed any applications on this particular computer either.

Any suggestions?
Thanks
 

Does this MS website provide any help for you? It goes back to 2009 & is quite a long & detailed one, so you might need to read right through it as the dates progress to recent ones as you scroll through.

Windows 7 Domain Account Lock Out Problem
 

I've read through that and am still not able to pinpoint the cause. It is now happening with a couple of machines on our domain. I have looked through the event logs, mapped drives, services, scheduled tasks and nothing under his account. I removed his profile and cleaned out the registry and it still happens. I tried Netwrix Account Lockout Analyzer and found nothing on the machines causing it.

I'm at a loss. It's only happening on boot as well, logon/logoff all you want and it's fine. Reboot, locked as soon as Windows starts up.

The only thing I know to do right now is see if Wireshark can tell me anything, just need to find a way to get it to load first.
 

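The checks described in the post above (event log, services, scheduled tasks) can be run in one pass and limited to the current boot. This is an added example, not something posted by a thread participant; the account name `jdoe` is a placeholder, and it assumes logon-failure auditing is enabled on the workstation and an English-language OS (the `schtasks` column names are localised).

```powershell
# Added example. Run from an elevated PowerShell prompt on the workstation
# that triggers the lockout. Works with PowerShell 2.0 (Windows 7).
$User = 'jdoe'   # placeholder: sAMAccountName of the locked-out account

# Only look at what happened since the last boot.
$os   = Get-WmiObject Win32_OperatingSystem
$Boot = $os.ConvertToDateTime($os.LastBootUpTime)

# 1. Failed logons (event 4625) since boot that name the account.
#    ProcessName and LogonType show what presented the bad credential
#    (2 = interactive, 3 = network, 4 = batch, 5 = service).
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $Boot }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) {
            $d[$n.Name] = $n.'#text'
        }
        New-Object PSObject -Property @{
            Time        = $_.TimeCreated
            TargetUser  = $d['TargetUserName']
            LogonType   = $d['LogonType']
            ProcessName = $d['ProcessName']
            SubjectUser = $d['SubjectUserName']
            SourceHost  = $d['WorkstationName']
            SourceIp    = $d['IpAddress']
            SubStatus   = $d['SubStatus']
        }
    } |
    Where-Object { $_.TargetUser -eq $User } |
    Sort-Object Time |
    Format-Table Time, LogonType, ProcessName, SubjectUser, SourceHost, SourceIp, SubStatus -AutoSize

# 2. Services configured to log on as the account (DOMAIN\user or UPN form).
Get-WmiObject Win32_Service |
    Where-Object { $_.StartName -like "*$User*" } |
    Select-Object Name, StartName, StartMode, State

# 3. Scheduled tasks that run as the account, including "at startup" tasks.
schtasks /query /fo csv /v | ConvertFrom-Csv |
    Where-Object { $_.'Run As User' -like "*$User*" } |
    Select-Object TaskName, 'Run As User', 'Task To Run', 'Schedule Type'
```

If section 1 returns nothing while the account still locks at boot, the failed attempt is not being audited locally, and the domain controller's Security log for the same time window is the next place to look.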
"It is now happening with a couple of machines on our domain."
Yeah, I was contemplating whether to ask.

These symptoms would tend to align with the behaviour of network-aware viruses. Remember the Conficker worm in 2008? It would permeate through a network by attempting to guess accounts’ passwords. Users would boot their machines to find they were locked out.

A very loose test to see if this is the case would be to create a new user on the network and give it an easy-to-guess password, e.g., let its password match its username. If this user account experiences no problems, indeed raise your suspicion of malware.

This is just a suggestion though, could not be the case.

I’m sure somebody more capable with malware removal can find evidence of malware lurking here.
 
