We had an instance where a user changed positions and because of that change his group membership changed. When his group membership changed he started getting messages about his account being locked out when trying to logon to the system. We would unlock his account, but within a few minutes it would lock again. We searched the Event Logs on our Domain Controllers and were able to identify the computer that was causing problems. If the computer was turned off he didn’t have this problem, but as soon as the computer was turned on the account would start locking.
We did some searching and came across someone else that was having similar problems. Their recommendation was to download PsExec and then run the following commands:
Open Command Prompt and run: psexec -i -s -d cmd.exe
From the new Command Prompt window run: rundll32 keymgr.dll,KRShowKeyMgr
Then remove any items that appeared with the persons username.
Once we completed the steps above the problem went away.
Source: TechNet Discussion
Be First to Comment