Identifying a process causing account lockouts

We had an issue where a server kept locking a certain domain account of which the password recently changed.
It didn’t matter who logged in to this server the same account was locked everytime another person logged in to the server.

The issue was caused due to the fact that the system account had stored credentials for a drive mapping.
These stored credentials were causing the lock of the user who recently changed the password.

Solution :

  • Download PsExec.exe  https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
  • copy PsExec.exe to C:\Windows\System32 .
  • Open a command prompt and run the following :
    psexec -i -s -d cmd.exe
  • in the new DOS window run: rundll32 keymgr.dll,KRShowKeyMgr (this is case sensitive)
  • Remove any items out of the list of Stored User Names and Passwords.
  • Restart the computer.

Leave a Reply

Your email address will not be published.