What is an account and what is it for? We identify the source of blocking a user account in Active Directory Your account is blocked due to re-registration

In this article, we will describe how to track user account lockout events on Active Directory domain controllers and determine from which computer and from which specific program the repeated lockout originates. Let's look at how to use the Windows Security log and PowerShell scripts to find the source of the lockout.

The account security policy in most organizations requires that a user account in an Active Directory domain be locked out if the user enters the password incorrectly n times. Usually, the domain controller locks the account after several attempts to enter the wrong password for several minutes (5-30), during which the user cannot log in to the system. After the time specified by the security policy elapses, the domain account is automatically unlocked. Temporary account lockout reduces the risk of brute-force attacks on your AD user accounts.

In the event that a user account in the domain is blocked, a warning appears when trying to log in to Windows:

The referenced account is currently locked out and may not be logged on to….

Domain Account Lockout Policies

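$Username = 'username1'
# Query the Security log of every domain controller for lockout events (Event ID 4740)
Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName | ForEach-Object {
    $GweParams = @{
        ComputerName = $_
        LogName      = 'Security'
        FilterXPath  = "*[System[EventID=4740] and EventData[Data[@Name='TargetUserName']='$Username']]"
    }
    # A controller with no matching events raises an error; suppress it and continue
    $Events = Get-WinEvent @GweParams -ErrorAction SilentlyContinue
    # Properties[1] of event 4740 holds the caller computer name (the lockout source)
    $Events | ForEach-Object { $_.MachineName + ' ' + $_.Properties[1].Value + ' ' + $_.TimeCreated }
}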

Note. If there are several domain controllers, you will have to search the logs on each of them for lockout events, you can also organize. To make this task easier, you can use the Microsoft Account Lockout and Management Tools utility (you can download it). With this utility you can specify several domain controllers at once whose event logs need to be monitored, and track the number of incorrect password entries for a specific user (the attributes badPwdCount and LastBadPasswordAttempt are not replicated between domain controllers).

We identify the program, the reason for blocking an account in AD

So, we have determined from which computer or device the account was locked out. Now we would like to understand which program or process makes the failed login attempts and is the source of the lockout.

Users often start to complain about their domain account being locked out after a planned change of their domain account password. This suggests that the old (incorrect) password is stored in some program, script or service that periodically tries to log in to the domain with the outdated password. Let's consider the most common places where a user could have used their old password:

  1. Mounting a network drive via net use (Map Drive)
  2. In Windows Task Scheduler
  3. In Windows services that are configured to run under a domain account
  4. Saved passwords in Credential Manager
  5. Browsers
  6. Mobile devices (for example, used to access corporate email)
  7. Auto-login programs
  8. Incomplete user sessions on other computers or terminal servers
  9. And so on.

Tip. There are a number of third-party utilities (mostly commercial) that allow an administrator to check a remote machine and detect the source of account lockouts. Account Lockout Examiner from Netwrix is a fairly popular solution.

For a more detailed audit of lockouts on the machine you found, you must enable a number of local audit policies. To do this, on the local computer where you want to track the source of the lockout, open the Group Policy Editor gpedit.msc and, in the section Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy, enable the policies:

  • Audit process tracking: Success, Failure
  • Audit logon events: Success, Failure

Wait for the next account lockout and look in the Security log for events with Event ID 4625. In our case, this event looks like this:

From the description of the event, you can see that the source of the account lockout is the mssdmn.exe process (a SharePoint component). All that remains is to inform the user that they need to update their password on the SharePoint web portal.
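The check described above can be scripted instead of reading events one by one. The following is an added example, not part of the original article: it reads Event ID 4625 from the local Security log on the machine identified as the lockout source and ranks the processes that generated failed logons for the account. The account name and the 24-hour window are assumed sample values.

```powershell
# Added example: summarise failed logons (Event ID 4625) for one account.
# Run in an elevated session on the machine identified as the lockout source.
$Username = 'username1'                 # sample account name (assumption)
$Since    = (Get-Date).AddHours(-24)    # look-back window (assumption)

# Event ID 4625 = "An account failed to log on"
$Filter = @{ LogName = 'Security'; Id = 4625; StartTime = $Since }

$Failures = Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the EventData fields by name instead of by position,
        # so the script does not depend on the field order in the event
        $Data = @{}
        foreach ($Field in ([xml]$_.ToXml()).Event.EventData.Data) {
            $Data[$Field.Name] = $Field.'#text'
        }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            User        = $Data['TargetUserName']
            LogonType   = $Data['LogonType']
            Process     = $Data['ProcessName']      # "Caller Process Name" in the event viewer
            Workstation = $Data['WorkstationName']
            SourceIp    = $Data['IpAddress']
            SubStatus   = $Data['SubStatus']        # failure reason code
        }
    } |
    Where-Object { $_.User -eq $Username }

# Most frequent (process, logon type) combinations first, with the time last seen
$Failures |
    Group-Object Process, LogonType |
    Sort-Object Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            Count    = $_.Count
            Process  = $_.Group[0].Process
            Type     = $_.Group[0].LogonType
            LastSeen = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
        }
    } |
    Format-Table -AutoSize
```

A process that appears with a high count at regular intervals is the likely holder of the stale password; the Process column is only populated when the logon was initiated by a local process.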

After you finish analyzing, identifying and punishing the culprit, do not forget to disable the audit policies you enabled.

If you still could not figure out the reason for the account lockout on a specific computer, then to avoid the account being locked out permanently you should try renaming the user account in Active Directory. This is usually the most effective method of protecting against sudden lockouts of a specific user.

Monday, January 14, 2019

Think your account was banned or suspended by mistake? Fill out our webform.

We want to help! Let us know if you think the ban or suspension on your EA Account or one of the user names connected to it was a mistake.

  1. Click at the top of any page on EA Help.
  2. Select the game that your account was banned or suspended from. If it's on your whole EA Account, choose Origin.
  3. Choose your platform.
  4. Select Manage my account, then Banned or suspended account.
  5. Fill out any other details below.
    • For example, if you picked Origin, it might ask you if you are accessing the game through an Origin Access membership.
  6. Click Select contact option.
  7. Sign in to your account that has the ban or suspension, if you aren’t already.

Then you’ll see our email webform. Fill it out to give us all the details for your case.

When you fill out the webform:

Your subject line should follow this format: - -

Here are some examples:

  • Banned Account - Battlefield 1 - MySoldierABC
  • Suspended Account - Answers HQ - Player1234

Include this info in the description

Under the Subject line, there’s a text box where you can describe your issue. We need to know these three things so we can help you:

  1. Your user name
    • This is your EA ID, PlayStation™ Network Online ID, Xbox Live gamertag, EA mobile game-specific User ID, or game-specific user name.
    • Your Answers HQ user name is the same as your EA ID, but your user name for a game-specific forum, like The Sims, can be different. Make sure you give us your user name and the specific forum and what language it's in when you reach out to us.
    • Need help finding your mobile User ID? .
  2. Detailed info that includes any error or notification messages that you saw.
    • Tell us what’s going on and why we need to take another look at the action that we took on your account.
  3. Email address that's on your banned or suspended EA Account.
    • If you're playing on a mobile game, your email address may not be linked to that game. Make sure to email us using an email address that's linked to an EA Account so you can get more information about the action taken on your mobile game account.

We review each form we get on a case-by-case basis. While we try as hard as we can to reply within five business days, we're human. Sometimes we'll need longer to do it right.

Look for emails from [email protected]. We send our first emails about bans and suspensions and our replies to you from that address.

We're happy to help you with your games and other questions when you call or chat with us. But the team that helps with banned and suspended accounts only works via email. By submitting this webform, your case will be with the team that specifically works on account bans and suspensions.

  • I didn't get the email?
  • You can't unban my account? Who else can help me?
  • I don't know which account got the ban?
  • I can't get online on any EA or non-EA games?

What if I didn't get the email?

You should see the first emails about bans and suspensions and any replies from [email protected]. Make sure you:

What if you can't unban my account? Who can help me?

Some games have their own dispute process. Use the link for your game if you see it on the list.

Well, finally, at least some digestible information.
Question: why is Google+ blocking a profile ... or My Google + account has been blocked - why and what to do?

So, from official sources (answer from a Google employee):

For those who are facing the problem of blocking a Google+ profile, I inform you that when blocking user profiles, we are guided by the following Rules for user behavior and content posted by them.

Here are some tips to avoid blocking:
1. Please include your real name and surname or name and surname by which friends, relatives and colleagues know you.
If you enter your real name on your profile, it will be easy to find you on the Internet. Titles used to refer to you in a professional, educational, social, or religious institution (for example, "Doctor", "Reverend", or "Professor") cannot be entered in profile fields. Examples of violations: Dr. Stanislav Liventsov; D. M. Sergeev. The name should also not contain unusual or unnecessary characters, for example * or @.

2. Do not post sexually explicit material.

3. Don't spread spam.

To unblock access, follow the instructions on your profile page and your profile will soon be unblocked. If the unblocking of the account is denied, then violations remain. Correct them, file an appeal and the account will be opened.

Yours faithfully,

Katia.


Source - Google Forums

I will quote another answer to a similar question:

Blocking a Profile is associated with a violation of the Rules of product use. Please read the Rules and correct violations before filing an appeal or filing a complaint on this forum. You can fix violations by following the instructions on your Profile page.

The most common reason for blocking is the addition of a fictitious or non-existent name.

Here are real examples of Profile names that we recently blocked:

- Toys for children
- Santa Claus
- I do not say neskazhukov
- Baby Class

and there are hundreds, if not thousands!

Attention: Names must be real without unnecessary abbreviations and symbols! Here are the criteria we follow when blocking accounts for the wrong name.

If you do not want to provide your real name, you can opt out of Google+ features.

In my opinion, a rather strange reason for blocking ... Maybe also passport data and identification code will need to be reported?)))

After such explanations, Twitter becomes all the more dear to me) - and my wonderful friends - Do not Know, Violet, Toffee and others). Warm feelings...
The main thing is that it is now clear where you can turn in Russian: the support forum page, where there is a chance that professionals, and perhaps even Google employees, will answer you - the forum on Google+.

Friends, hello. Today's article will be useful primarily for corporate users of Windows-based computers who work with standard local accounts, where only authorized company staff from the IT department can log in to accounts with administrator status. Although, in a certain family microclimate, the problem described below can also be encountered on home devices. What kind of problem is this? It is the inability to log in to Windows, with the notification "The user account is locked and cannot be used to log on to the network" on the lock screen. What kind of lockout is this, and how do you deal with it?

So, we cannot log in to Windows, because we see this on the lock screen.

Such a lockout is the result of a certain number of unsuccessful attempts to log in to the local account, if the computer administrator has made the appropriate settings in the local group policy.

Lock Windows Accounts

The computer administrator can set a certain number of attempts to log in to user accounts in the local group policies. If this number of attempts is exceeded, the account is locked out. This is protection against password guessing. Even if nobody is trying to guess the password for someone else's account, and the true owner simply typed the characters carelessly or did not check the keyboard layout, it will not be possible to log in to the system even if the correct password is entered. You will have to wait for the time set by the administrator until the login attempts counter is reset. And, of course, until the lockout time expires.

Such protection against password guessing is set in the local group policy editor, in the account lockout policy.

When this threshold is set, other policy settings - the time until the lockout counter is reset and the duration of the lockout itself - will automatically be set to 30 minutes.

They can be changed if necessary. And, for example, set a shorter time to reset the counter of unsuccessful password attempts.

And, on the contrary, increase the blocking time of the account itself.

This protection applies only to local accounts and does not work when trying to guess a password or pin code for connected Microsoft accounts.

There are several ways to unblock a blocked account:

Log in to the system as an administrator and unlock;

If access to the administrator account is not possible, remove the lock by booting from a removable device and tweaking something in the Windows registry.

How to unblock your Windows account if you have administrator access

If your account is locked out but you have access to the administrator's account, you must log in to the latter and unlock your own account as follows. Press the Win + R keys, enter:

In the window that opens, in the "Users" folder, look for your account and double-click on it.

In the properties window that opens, uncheck the "Block account" checkbox. Apply the change.

Then try to log in to your account.

  • Note: if you do not have a password for the administrator account, you should not try to log in using brute force. Password guessing protection applies to all local accounts, including the administrator. After a certain number of unsuccessful authorization attempts, his account will also be blocked.

How to unblock your Windows account if you don't have administrator access

If there is no access to the administrator account, we take a DVD or a USB flash drive with the installer for any version of Windows, or a Live disk with the ability to edit the operating system registry. We boot the computer from the removable device; in our case it is a flash drive for installing Windows 10. Important: starting from a removable device should be carried out only when Windows 8.1 and 10 are rebooted. loaded from a file previously saved to disk. We also need the kernel to boot with modified registry settings.

At the first stage of installing Windows, press Shift + F10. We start the registry editor from the command line:

In the browse window, go to the root of the devices under "This computer" and go to the Windows partition. We have it designated as drive (C:\), but the system drive can also be listed under a different letter. Here you need to be guided by the size of the partition. On the system partition, open the "Windows" folder, then "System32", then "config". Inside the latter, we need the SAM file, the so-called registry hive; we open it.

The loaded hive must be given a name; the name is not important. Let's call it 777.

Inside the registry key HKEY_LOCAL_MACHINE, we now observe a new branch 777. We expand the path inside it:

777 - SAM - Domains - Account - Users - Names

Find the name of your account in the "Names" folder. For example, we need the user Vasya. Let's see what is displayed in the right-hand registry panel when Vasya is selected. We have a value of 0x3f8. We now look for the same value, only in a different notation, with extra leading zeros and in capitals, higher up, inside the "Users" folder.

Many people are familiar with the computer, but most of the actions are performed automatically, without going into details. Almost everyone has their own pages on social networks, an email inbox and accounts in popular instant messengers.

But if you ask them what a "provider" or "account" is, they are unlikely to answer quickly and intelligibly. And really, where did this concept come from?

It comes from the English word account, which translates as "bank account". In Russia and other CIS countries, it has acquired a different meaning. This word refers to the user account of a virtual resource. It gives the opportunity to turn from a guest into a regular visitor. To do this, you just need to register.

An account is a collection of many elements. It includes username, password and email address. These are mandatory components, but there are also additional ones: Twitter, Skype, ICQ number, mobile phone, avatar or photo. Personal information usually cannot be viewed by other users, only the administration has access to it.

Before receiving an account, you must read the rules, check the information entered in the appropriate fields and then confirm the registration by clicking on the specified link.

It is not necessary to register on all sites, but sometimes it is very convenient for the visitor himself. He gets more rights, can leave comments, participate in competitions, view all pages, find out the latest news about the project.

Do not panic for sure! This is fixable. Naturally, it is better to take care of the safety of all information in advance: create a special notebook, a separate text file. You need to write down new passwords on time, keep them at hand, but out of the reach of other people. However, you can't keep track of everything. In this case, the resource administration comes to the rescue.

You click on the "Forgot your login" (or password) button, provide your email address, and after a while you will be sent the necessary data in a letter.

This usually happens through the fault of the user himself; you probably violated some condition. Try to find the reason yourself: re-read the user agreement and pay special attention to the section that deals with various sanctions, the duration of the blocking and the possibilities for its removal.

If you did not find the necessary items and are not able to deal with the problem yourself, then there is only one way out: contact the administrators.

Of course, you are not always to blame. Perhaps your account was simply hacked, and the administration thus protects visitors from intruders. It could also happen if a virus was caught the day before, then the program sometimes recognizes the login-password and automatically enters the sites through your accounts.

As a rule, the administration meets halfway for registered users and helps to quickly restore what is lost. However, there are other situations as well. If they refuse help or are asked to pay a lot of money, then it is easier to create a new account.

This is also an account, only not a user, but a mobile device. For example, nowadays many people browse the web using a smartphone. If the operating system Android is installed in it, then you can create an account in services from Google. It will make it easy to browse mail, surf and search. There are also accounts that work on other operating systems and gadgets.

This is a great opportunity to save time on data entry, save all settings and personal information about the device owner. Thanks to it, access to the phone or smartphone is also restored if a problem occurs.

At first, many people think that it is difficult and not too necessary, but then they get used to it and understand: without an account on the phone, it’s like no hands. Still, you can't carry a laptop or a tablet with you everywhere, sometimes a good smartphone is enough.