
security account login failed

Subject Author Date
security account login failed BT 02-07-2007
Posted by Lincoln De Kalb on February 8, 2007, 5:18 pm
Yeah this is similar to a situation I have. I have a company director that
is resisting putting his machine on the company domain because it'll mess
his settings for his home network. As a result, if he wants to use domain
resources like file server / printer / exchange etc, he has to enter his
domain password.

The result from my side though is plenty of failed logon attempts, not only
on DC but also on normal users PC's.

At the risk of hijacking this thread, why am I getting failed login attempts
on normal user's PC's? I know he isn't browsing deliberately to other
machines, so am guessing it's a back end XP process, perhaps the computer
browser service?

Cheers
Lincoln

> Is it possibly common on the workstations producing the error to log in
> with the local administrator account for some tasks? This could be caused
> by the local administrator attempting access to a domain-authenticated
> resource without specifically specifying alternate credentials beforehand.
>
> Are these workstations in use by staff in the IT environment? Without
> knowing the time span in which the event log errors are developing or the
> size of your environment, it's tough to define the threshold for what
> should be acceptable for the "fat finger factor" by your own staff.
> --
> Wayne Anderson
> http://blog.avanadeadvisor.com/blogs/waynea/
>
>
> "BT" wrote:
>
>> It is logged in the DC event log.
>> All users are using their domain user accounts to connect to the network,
>> not the administrator account.
>>
>> Any idea?
>> Thanks
>>
>> BT
>>
>> > An incorrect password is being specified for the administrator account.
>> > Is this on a DC event log or a local event log?
>> >
>> > --
>> > Wayne Anderson
>> > http://blog.avanadeadvisor.com/blogs/waynea/
>> >
>> >
>> > "BT" wrote:
>> >
>> >> Hi all
>> >>
>> >> I found many failed security audits in the event log. For example:
>> >>
>> >> The logon to account: administrator by:
>> >> MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: WRK001 failed.
>> >> The error code was: 3221225578
>> >>
>> >> The logon to account: administrator by:
>> >> MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: WRK002 failed.
>> >> The error code was: 3221225578
>> >>
>> >> ...
>> >>
>> >> They come from many different PCs.
>> >>
>> >> Can someone explain to me what is happening?
>> >>
>> >> Thanks
>> >> BT
>> >>
>>



Posted by Roger Abell [MVP] on February 10, 2007, 10:55 am
> Yeah this is similar to a situation I have. I have a company director that
> is resisting putting his machine on the company domain because it'll mess
> his settings for his home network. As a result, if he wants to use domain
> resources like file server / printer / exchange etc, he has to enter his
> domain password.
>
> The result from my side though is plenty of failed logon attempts, not
> only on DC but also on normal users PC's.
>
> At the risk of hijacking this thread, why am I getting failed login
> attempts on normal user's PC's? I know he isn't browsing deliberately to
> other machines, so am guessing it's a back end XP process, perhaps the
> computer browser service?
>

I doubt it would be any of the background activity of the computer
browser service (which is limited to participation as master or
backup master browser, or getting the list from same).

If the events you see logged on various PCs are indicated as
failed login originating from his PC and for the account he is
using, then it is some process running in context of his account.
(not sure about this, but perhaps, the network chatter due to
leaving the "Automatically search for network folders/printers"
checkbox enabled in the Explorer options may be involved).

As an attempt to solve your issue with his use of local account,
have you tried having him define (within the account he uses)
network credentials for the domain? He would find this in
the Users control panel applet for his account while logged in
with that account, or by issuing at start/run control keymgr.dll

Roger
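
The error code in the events quoted in this thread, 3221225578, is the decimal form of NTSTATUS 0xC000006A (STATUS_WRONG_PASSWORD), which matches the "incorrect password" reading given above. As an added example (not code from any poster in the thread), this Python script parses messages in that format, decodes the code, and groups failures by workstation and account; the function names and the last two sample events are constructed for illustration.

```python
import re
from collections import Counter

# Documented NTSTATUS values that commonly appear in failed-logon audits.
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

# Message layout as quoted in the thread. Whitespace is normalized before
# matching because exported or mailed event text is often line-wrapped.
EVENT_RE = re.compile(
    r"The logon to account:\s*(?P<account>\S+)\s+by:\s*(?P<package>\S+)\s+"
    r"from workstation:\s*(?P<workstation>\S+)\s+failed\.\s*"
    r"The error code was:\s*(?P<code>\d+)"
)

# First two events are the ones quoted in the thread; the last two are constructed.
SAMPLE = """
The logon to account: administrator by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: WRK001 failed. The error code was: 3221225578
The logon to account: administrator by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: WRK002 failed. The error code was: 3221225578
The logon to account: administrator by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: WRK003 failed. The error code was: 3221225578
The logon to account: jsmith by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: WRK003 failed. The error code was: 3221225572
"""

def parse_events(text):
    """Return one dict per failed-logon message found in text."""
    events = []
    for m in EVENT_RE.finditer(" ".join(text.split())):
        code = int(m["code"])
        events.append({
            "account": m["account"].lower(),
            "workstation": m["workstation"].upper(),
            "status_hex": f"0x{code:08X}",
            "status": NTSTATUS.get(code, "UNKNOWN"),
        })
    return events

def summarize(events):
    """Count failures per (workstation, account, status)."""
    return Counter((e["workstation"], e["account"], e["status"]) for e in events)

def wrong_password_sources(events, account):
    """Workstations that sent a wrong password for the given account."""
    return sorted({e["workstation"] for e in events
                   if e["account"] == account and e["status"] == "STATUS_WRONG_PASSWORD"})
```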


