Recent download poll results show that administrators need good tools for troubleshooting and resolving account lock-out issues. Strong password policies and account lockout thresholds exist for very good reasons and have been common practice for a number of years now as the first line of defense against hackers and thieves and are also required by many regulatory compliance guidelines. Help desk staff resolve account lockout problems each and every day taking time away from more important tasks. As a result, having an effective set of tools to help quickly manage these problems is essential. In addition to the help desk, security teams need good AD account lockout tools to examine potential security breaches using brute force attempts and ensure access is only being granted to those that require it to perform their daily duties. Another important and perhaps obvious benefit of account lockouts is confirmation these account lockout policies are being enforced. Account lockouts can result from a variety of other conditions besides users forgetting passwords such as stale credentials cached and used on local systems, a mapped network drive, scheduled tasks and services as well as Active Directory replication problems.
Microsoft offers a number of tools to address account lockout problems. Back in 2003 these tools were made available to address account lockout problems and have seen minor updates over the years. Both GUI based as well as a few command-line tools are offered. Interfacing with Active Directory is the primary means for facilitating authentication however natively, the Active Directory Users and Computers snap-in offers few options to the administrator troubleshooting a locked-out account. Reviewing logs manually is inefficient and frequently lacks all the details to fully understand many account lockout problems. These tools can help although you may need to employ more than one to get all the details.
NetWrix recognizes that while these tools prove useful in a number of situations, many features and capabilities do not exist that administrators and help desk staff need to accelerate account lockout troubleshooting. As a result, NetWrix offers the Account Lockout Examiner. This free tool is a single source for collecting, analyzing and identifying a much broader variety of account lockout situations. Unlike Microsoft tools, NetWrix Account Lockout Examiner automatically notifies staff via e-mail of locked out accounts in real-time. It also can automatically find the root cause of the lockout problem including the system that generated the condition using our proprietary heuristics-based technology. Technicians can also unlock multiple accounts simultaneously either through an easy-to-use GUI or even through a hand-held device. The value of NetWrix Account Lockout Examiner tool is further enhanced by incorporating other NetWrix identity management tools including NetWrix Password Manager, NetWrix Password Expiration Notifier and NetWrix Inactive Users Tracker are available as full featured products as well as freeware. Combining these tools facilitates rapid resolution to account lockouts as well as providing management capabilities for user passwords and identification of unused accounts helping organizations retain greater control over their environments above and beyond native tools. Account lockouts don’t have to consume valuable resources and if faced with these kinds of problems, NetWrix offers specialized tools to resolve them quickly and cost-effectively.
Are you using these native tools offered by Microsoft? What account lockout problems are the most challenging? Please share your thoughts and comments below: