So this is a weird development we’ve come across that I’ve been able to duplicate.
Let’s say a user logs into a workstation and the user get’s locked out of the domain they can still access network resources without issue (email, shares, printers). If they lock their workstation they can still unlock it.
However, if the user get’s locked out before they login or after they lock the workstation they cannot login or unlock themselves.
IN both instances I can see the user is locked at the appropriate servers they are authenticating to. Eventually that lock out gets replicated to the other DC’s in the domain.
I thought it had something to do with the IRPStackSize because one of the machines was having that issue. But that got resolved and I was able to duplicate it on another machine in an entirely different site.
There is nothing specifically in the log on the workstation except that the user is locked out. However, they are still able to do the above. I’m really at a loss. I was able to install the User Account Lockout tool from MS. But I don’t really see anything, either that or I don’t know what to look at.
You must be logged in to reply to this topic.
Create a free account today to participate in forum conversations, comment on posts and more.