I have always wondered about this...

  • 141 Views
  • Last Post 11 January 2017
kebabfest posted this 06 January 2017

I changed my password on a particular domain, but the policies on this one have an account with my details on it which keeps locking out. I generally have a look at the Lockout Tool to find out where this lockout is happening. However, since it is my own account I am struggling. Now I am sure I will find the server eventually, but in the meantime I have access to a console even though my account is locked.
Is there any sneaky way of unlocking my account from a locked account that has access to an AD console?

a-ko posted this 06 January 2017

In general, Kerberos TGTs don’t get “locked out”.

So if you’ve got a session with an active Kerberos TGT, you can unlock your account if it gets locked.

I’ve had to (ab)use this on a few occasions before 😉

-Mike Cramer

kebabfest posted this 09 January 2017

cheers Mike

febrero posted this 11 January 2017

It can be a mapped drive, an idle Terminal Server session, a service configured with your credentials, sometimes even the AV scanning network drives.

Lockout tools are the way to troubleshoot, so you know which DC is getting the bad password attempts. If it's Kerberos you will see an event ID with information about the machine sending the bad password; if it's NTLM you need to enable verbose Netlogon logging and search for the bad password there.
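An added example (not code from the thread) that does in PowerShell what febrero describes: pull the lockout and bad-password events for the account from the PDC emulator, and for the NTLM case search the verbose Netlogon log for the client that sent the wrong password. It assumes the RSAT ActiveDirectory module, rights to read the PDC's Security log and admin$ share, and that verbose Netlogon logging was already enabled on that DC with nltest.

```powershell
# Added example, not from the thread. Assumes RSAT ActiveDirectory, read access
# to the PDC emulator's Security log and admin$ share, and verbose Netlogon
# logging already enabled on the DC:  nltest /dbflag:0x2080ffff
# (Netlogon then writes %windir%\debug\netlogon.log).
param(
    [Parameter(Mandatory)][string]$SamAccountName,
    [int]$Hours = 24
)

# Every lockout is chained to the PDC emulator, so start there instead of
# guessing which DC received the bad passwords.
$pdc = (Get-ADDomain).PDCEmulator

# 4740 = account locked out; "Caller Computer Name" lives in the event XML
#        field TargetDomainName.
# 4771 = Kerberos pre-auth failed; IpAddress = client that sent the bad password.
# 4776 = NTLM credential validation; Workstation = source machine. Bad NTLM
#        attempts are forwarded to the PDC, so it normally logs these too.
$filter = @{
    LogName   = 'Security'
    Id        = 4740, 4771, 4776
    StartTime = (Get-Date).AddHours(-$Hours)
}

Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d['TargetUserName'] -ne $SamAccountName) { return }   # other accounts
        # Exactly one of the three source fields is populated per event ID.
        $source = (@($d['TargetDomainName'], $d['IpAddress'], $d['Workstation']) |
                   Where-Object { $_ }) -join ' '
        [pscustomobject]@{ Time = $_.TimeCreated; Id = $_.Id; Source = $source; Status = $d['Status'] }
    } | Sort-Object Time | Format-Table -AutoSize

# NTLM path: the verbose Netlogon log names the client ("from <machine>") and the
# result of each pass-through logon on the same "Returns" line.
# 0xC000006A = wrong password, 0xC0000234 = account already locked out.
$log = "\\$pdc\admin`$\debug\netlogon.log"
if (Test-Path $log) {
    $user = [regex]::Escape($SamAccountName)
    Select-String -Path $log -Pattern "\\$user\b.*Returns (0xC000006A|0xC0000234)" |
        Select-Object -Last 20 |
        ForEach-Object { $_.Line }
}
```

The "from" machine on a 0xC000006A Netlogon line, or the Source column of a 4771/4776 event, is the host still holding the old password.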