Peter's lockout saga - Episode two

Dan, our consultant, had a really good idea for temporarily helping me out with this.

Move the user to a new OU. Create a new GPO with one change: the account lockout threshold set to 0 (never lock out). Set the policy to Enforced, and set 'Block Inheritance' on the OU.

Voila!

Actually, this didn't work. Shame; it seemed like a good idea. The problem is that a GPO is only ever applied to one of two things: the computer, or the user. Since these requests are coming from neither a computer nor a user in that OU, the GPO does not apply, and the lockouts continue.

To continue that line of thought, what on earth is trying to use his account?

Dan checked it out a bit more and discovered (with more auditing turned on) that it was the NETWORK SERVICE account, running under the firewall's PID. Really weird.
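For anyone wanting to reproduce the "more auditing" step, here is an added example (not from the original post, and not Dan's method): it pulls the lockout events (4740) from the PDC emulator to find which machine reported the lockout, then reads the failed-logon events (4625) on that machine, which carry the subject account and process ID that presented the bad credentials. The user name 'peter' is a placeholder, and it assumes logon auditing is already enabled on the reporting host.

```powershell
# Added example: trace an account lockout back to the host and process causing it.
# Assumptions: 'peter' is a placeholder for the locked-out account; the PDC emulator is
# located via the ActiveDirectory module; Security auditing of logon events is enabled.
$User = 'peter'
$Pdc  = (Get-ADDomain).PDCEmulator

# Flatten the <EventData> of a Security event into a name -> value hashtable.
function ConvertFrom-EventData($Event) {
    $Xml = [xml]$Event.ToXml()
    $Data = @{}
    foreach ($Node in $Xml.Event.EventData.Data) { $Data[$Node.Name] = $Node.'#text' }
    return $Data
}

# Step 1: event 4740 on the PDC emulator records every lockout in the domain,
# including CallerComputerName, the machine that reported the bad passwords.
$Lockouts = Get-WinEvent -ComputerName $Pdc -FilterHashtable @{
    LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddDays(-1)
} | ForEach-Object {
    $D = ConvertFrom-EventData $_
    [pscustomobject]@{
        Time       = $_.TimeCreated
        Account    = $D['TargetUserName']
        ReportedBy = $D['CallerComputerName'].TrimStart('\')
    }
} | Where-Object { $_.Account -eq $User }

$Lockouts | Format-Table -AutoSize

# Step 2: on each reporting host, event 4625 (logon failure) names the subject
# account (e.g. NETWORK SERVICE) and the process that tried the credentials.
foreach ($Host in ($Lockouts.ReportedBy | Sort-Object -Unique)) {
    Get-WinEvent -ComputerName $Host -FilterHashtable @{
        LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-1)
    } | ForEach-Object {
        $D = ConvertFrom-EventData $_
        if ($D['TargetUserName'] -eq $User) {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Host        = $Host
                Subject     = $D['SubjectUserName']   # the account doing the trying
                ProcessId   = $D['ProcessId']         # hex string, e.g. 0x4d8
                ProcessName = $D['ProcessName']
                LogonType   = $D['LogonType']
            }
        }
    } | Format-Table -AutoSize
}
```

Run it from a machine with the ActiveDirectory module and rights to read the Security log on the PDC emulator and the reporting hosts.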

As part of our network revamp, we're going to split up the functions of ISA: have it work purely as a web proxy, and move the firewall functions over to the Cisco router, with a few other bits in between.

More to come...
