In the previous blog of this series, “[Infographic] Three tips to simplify Active Directory compliance and auditing”, we discussed tips and tricks for achieving compliance. In this blog, let’s discuss what admins must focus on when dealing with account lockouts.

Account lockouts are some of the most common complaints received by help desks. Although many of these complaints can be resolved with a simple password reset, others require a more thorough investigation to make sure there hasn’t been a breach. This means that IT admins have to walk a fine line between enhancing productivity and ensuring security. As you devise new strategies to overcome these challenges, it’s essential to understand how other admins deal with account lockouts. ManageEngine conducted a survey to find out the common problems they face. According to the admins surveyed, the following are the issues you need to focus on when dealing with account lockouts:


1. Trace the complaint back to the source.

It’s helpful to classify the origin of an account lockout as either malicious or benign. When using native auditing tools to locate the origin of the lockout, an IT admin must sift through a plethora of logs. Every Windows component that relies on users’ credentials needs to be checked to ensure that stale credentials are not the cause of the problem. If stale credentials are at the core of the problem, the lockout can be considered benign. On the other hand, if stale passwords are not the cause, the account’s logon history and logon failures have to be scoured to make sure there hasn’t been a brute force attack. Either way, using native auditing tools and spending hours sifting through logs is cumbersome and often ineffective.

2. Walk down memory lane. 

Almost every organization has a few users who seem to get locked out of their accounts frequently. By filtering these users, you can keep an eye on them so you don’t dismiss a potential threat as just another forgotten password.

The Windows Event Viewer is a nightmare for any IT admin trying to monitor a segmented group of users more closely. This is because every activity performed by every user is lumped together in the same logs. Sorting through all these logs to find the ones for the users you want to focus on would take hours.

3. Hurry up. The clock is ticking!

If not resolved quickly, account lockouts can lead to service downtime. The lost minutes due to account lockouts can quickly pile up and negatively impact business productivity. This is especially true if the services using the locked out user’s credentials are client-facing. Unfortunately, native Active Directory tools offer little help in determining the source of the problem and unlocking accounts.
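The triage described in items 1 and 2, as an added example that is not part of the original post or of any ManageEngine tool: it counts lockouts per account to surface repeat users, and groups failed logons by source to separate a single-host pattern (worth checking for stale credentials) from a multi-source one (worth checking for brute force). Event IDs 4740 (account locked out) and 4625 (failed logon) are the Windows Security log IDs; the record layout, thresholds and verdict rule are assumptions made for this example.

```python
from collections import Counter, defaultdict

# Constructed sample records: (event ID, time, account, source host or IP).
# 4625 = failed logon, 4740 = account locked out (source = caller computer).
EVENTS = [
    (4625, "2024-03-04T08:00:05", "asmith", "WS-014"),
    (4625, "2024-03-04T08:00:35", "asmith", "WS-014"),
    (4625, "2024-03-04T08:01:05", "asmith", "WS-014"),
    (4740, "2024-03-04T08:01:05", "asmith", "WS-014"),
    (4625, "2024-03-04T09:31:10", "asmith", "WS-014"),
    (4740, "2024-03-04T09:31:40", "asmith", "WS-014"),
    (4625, "2024-03-04T02:14:01", "svc_web", "203.0.113.10"),
    (4625, "2024-03-04T02:14:02", "svc_web", "203.0.113.27"),
    (4625, "2024-03-04T02:14:02", "svc_web", "198.51.100.8"),
    (4740, "2024-03-04T02:14:03", "svc_web", "DC01"),
]
REPEAT_LOCKOUTS = 2  # assumed: lockouts in the window that mark a repeat user
MANY_SOURCES = 3     # assumed: distinct failure sources that suggest guessing


def triage(events):
    """Return {account: summary} for every account that was locked out."""
    lockouts, callers = Counter(), defaultdict(set)
    failures = defaultdict(Counter)
    for event_id, _time, user, source in events:
        if event_id == 4740:
            lockouts[user] += 1
            callers[user].add(source)
        elif event_id == 4625:
            failures[user][source] += 1
    report = {}
    for user, count in lockouts.items():
        sources = failures[user]
        if len(sources) >= MANY_SOURCES:
            verdict = "multiple sources: review for brute force"
        elif len(sources) == 1:
            verdict = f"single source: check {next(iter(sources))} for stale credentials"
        else:
            verdict = "inconclusive: review logon history manually"
        report[user] = {
            "lockouts": count,
            "repeat_user": count >= REPEAT_LOCKOUTS,
            "callers": sorted(callers[user]),
            "failure_sources": dict(sources),
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for user, summary in sorted(triage(EVENTS).items()):
        print(user, summary)
```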

Check out this infographic to learn about other AD and IT security problems that admins tackle.

Mohamed Jafriin
Product Consultant