lockout policy too restrictive?

Discussion in 'Software' started by Mada_Milty, Sep 7, 2005.

  1. Mada_Milty

    Mada_Milty MajorGeek

    Hey there. I have a WinXP machine running SP1. I've been trying to implement a security policy whereby 3 failed logon attempts will lock out the account for a day. However, my account consistently gets locked out without me ever failing logon. I reviewed the security logs and found that some of XP's built-in accounts had been attempting logon and failing, so I removed them, yet the problem remains.

    Please advise.
     
  2. Mada_Milty

    Mada_Milty MajorGeek

    nobody knows the troubles I've seen, nobody knows the sorrow....:(

    heheh
     
  3. Mada_Milty

    Mada_Milty MajorGeek

    Update: I've found groups containing users that matched those listed in the most recent failure audit logs, and I've removed them. I'm going to see if that helps.
     
  4. Mada_Milty

    Mada_Milty MajorGeek

    This hasn't resolved the issue. According to the logon failure audit logs, NT SYSTEM is still trying and failing to access my account. I'd suspect malware, but this computer isn't online 99% of the time. I've gone online once to do updates....

    Does anyone have any ideas?
     
  5. Mada_Milty

    Mada_Milty MajorGeek

  6. Anon-068c403e2d

    Anon-068c403e2d Anonymized

    Why no SP2? I know of many issues with the lockout policy that were fixed in SP2. Also try disabling fast user switching if you don't need it.
     
  7. Mada_Milty

    Mada_Milty MajorGeek

    I'm going to avoid SP2 if I can. I absolutely despise it. It's caused nothing but troubles for me. I have read about the lockout fixes in SP2, so I may give it a try should my latest find fail....*sigh*

    At the moment, I've found a tool that, on the client computer, helps determine a process or application that is sending wrong credentials.

    http://www.microsoft.com/downloads/...9C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

    Thanks for the reply, though. I was beginning to think that Major Geeks didn't want to help me.
     
  8. markem

    markem Private First Class

    If one or more of the other account types is trying to log in - it may mean you have a hacker trying to get into your system. Since you use Windows XP, you can verify if anyone else has been in your system by just Start->My Computer->System Drive (c)->Documents and Settings. Once there, if you have folders other than the Administrator, All Users, Default Users, and your known accounts (like Local_Service or Network_Service) - then someone is trying to hack your system.

    Service Packs 2 & 3 address a lot of security issues. However, if you are starting from Service Pack 1, then remember that you need to go through and install ALL of the security updates which were released prior to Service Pack 2. This is because lots of people have had problems (I've read about this lots of times before) because there just is something in SP1 that will mess up SP2 if you haven't done all of the other installs. (By "install" I mean the high and medium installs which you get to by clicking on the "Custom" button at the update website. Hardware installs don't seem to matter. Remember to say "No" to installing SP2 so the website will go on to the individual High/Medium installs.) Remember to go in the proper order. Don't try to skip things (like going .net 1.0, then .net 2.0, then .net 1.1. Go 1.0, 1.1, then 2.0, 2.1, and so forth.). I know it's a pain in the rear to do this as it can take hours and hours and hours to do. But if you go in order you will be up to the current stuff in a day or two. Yes! A day or two. It can take that long over DSL. Over a dial-up - it can take as long as a week to install. (Believe me! I helped a friend while I was on vacation in Arizona. All they had was a 2400 baud dial-up line. I wanted to just scream. It took a week just to get to SP2. Then I came home. :)

    Anyway, hope this helps! :)
     
  9. prometheos

    prometheos Staff Sergeant

    Hi Mada - I agree with Markem, especially about the attempted hacks via NTSystem etc. I use Lockout after 5 attempts, and disabled for 30 minutes. This usually gives me enough time to gather clues before the next hack sequence. Keep the faith Mada, you are doing the right thing here. You not only protect your accounts from a brute force attack but you keep the hacker program busy so it won't be attacking a less protected computer. :)
     
  10. solaris89

    solaris89 First Sergeant

    Thread is from 2005.
     
  11. prometheos

    prometheos Staff Sergeant

    Thanks - I missed that!
     
  12. markem

    markem Private First Class

    Ooops! Didn't see that. :-o
     
