Search archives - IT Trenches


Feb 11 2009   8:08PM GMT

Tracking down that user/computer that locks AD accounts



Posted by: Troy Tate
Data security, administration, analysis, antivirus, anti-virus, diagnostics, howto, information security, malicious activity, malware, Microsoft, Microsoft Windows, Active Directory, AD, network security, Password, policy enforcement, reporting, risk, risks, scanning, search, Security, security notification, tools, troubleshooting, Windows, password management, account management

With an environment spanning 18+ sites and more than 3000 computers around the globe, you could understand how challenging it would be to track down what device/user might be locking user accounts. There are tools out there that you can pay for that can help do this. However, Microsoft has some free tools that, with a little testing and use, will permit you to quickly track down where the account is being locked and address the situation.

We had a situation recently where malicious software got onto a couple of machines and attempted to use the Administrator account to log in. We have account lockout on our Windows 2003 AD domain, so after the appropriate number of invalid tries the Administrator account was locked out in the domain. This is because the machines were members of the domain and the malware did not distinguish the local administrator account from the domain administrator when attempting to elevate authority. Note that we use least user authority in our environment, so the malware was not able to spread beyond these two machines. We suspect the machines became infected due to out-of-date antivirus signatures.

Unfortunately, the antivirus we use did not alert us to the situation. The way we were alerted was by our Microsoft System Center Operations Manager (SCOM) implementation. It notified the SCOM admin that the domain Administrator account was locked. The operations team was then tasked with tracking down what or who was locking this account. This is where the Microsoft Account Lockout and Management Tools came into use and helped isolate the cause.

Feb 3 2009   7:41PM GMT

Will Microsoft ever get search right?



Posted by: Troy Tate
Microsoft, Google, search, Live search, Microsoft Live, documentation, Powershell

I am looking for some documentation on PowerShell to better understand how to use it. Per Wikipedia: Windows PowerShell is an extensible command-line shell and associated scripting language from Microsoft. So, I went to the Microsoft.com home page at www.microsoft.com. I typed powershell into the Search field at the very top of the page. I clicked the magnifying glass… waited a few seconds… and NOTHING was returned! So, I clicked on the Live Search option and 39,500 results were returned. So, now when I go to the main Microsoft page and then enter powershell into the same search term field as before and press Enter, the Live search results get returned - filtered for Microsoft.com only. It seems like my Live search excursion “woke up” the main Microsoft website search into knowing some PowerShell content does exist at Microsoft.com.

I have often been frustrated in the past when searching Microsoft support using the exact error or event code from a Microsoft system or application log and nothing gets returned. It just seems like Microsoft is still missing the boat when it comes to search.

So, I guess I will continue to Google for Microsoft support information until I can see that Microsoft is better able to search their own website from their homepage.

Thanks for reading & let’s be good network citizens out there!