- Event ID : 4625
- Caller Process Name : dllhost.exe
- Happened within the same seconds for all users
It is quite impossible for all users to coincidentally failed to log on at the same time. At first we thought of the possibility of denial of service attack on the servers. After some browsing on the Internet and thinking through what we have done before this incident happened, we suspect that this is due to Account Management feature accessible from Control Panel.
We did some simple test to confirm the root cause of this issue:
1. Add audit success and audit failure on the Audit Policy under Local Security Policy setting
2. Open Event Viewer, go to Windows Log, Security
Filter Event ID : 4625
3. Open User Accounts under Control Panel
4. Click Manage Another Accounts link
This action will trigger Audit Failure on the Event Viewer Log for all user accounts
5. Go back to Event Viewer and press Refresh
You will notice a lot of Audit Failure Entry which occurred at the same time.
This will trigger account lock out if Account Lockout Policy is configured
http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/a8416c27-1a33-4656-a8aa-38f8aaa4533f
ReplyDeleteA known issue that Microsoft refuses to post a KB Article for.......very bizarre.
Amazing!!! Your Post And This Information Very Use full For Me Thank You Tips to Find the Best Data Recovery Company
ReplyDeleteI found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! keep up the good work... buy lol smurfs
ReplyDeleteHealths Care Concept, Tech World, Tech Life, Tech News, Zo Media, Bn Notary, The Build Medias
ReplyDeleteinformative post- Wedding roses in a box
ReplyDeleteThanks For Sharing this..
ReplyDeleteI found that this post is very helpful and effective .I enjoyed it.We have one of the best hard disk cleaner called WinDirStat which will help you to clean unneeded files from your PC.
ReplyDelete