Ever since I changed the admin password on my work domain, the admin account keeps getting locked out in the morning when users start logging on to their computers. I am not sure why a user logging on to their PC would try to use the admin account, but I keep getting Event 675 with failure code 0x18. After a few of these failed logons, the account is locked out. The User ID in the error is the domain admin and the Client Address is the IP address of a user's computer.
After everyone is logged on in the morning, the admin account no longer gets locked out--it only happens during the time everyone logs in. I have not seen a pattern as to specific computers causing the lockout (so I do not suspect an attempted security breach).
Any idea on why this is happening and how I may fix it?
Answer
It sounds like a service or a mapped drive is using the admin account with the old password. The error log should show the IP or name of the computer that has the issue.
No comments:
Post a Comment