Why is the account blocked? We identify the source of user account blocking in Active Directory. What to do if there is no unlock account button

Many people are familiar with computers, but most actions are performed automatically, without going into details. Almost everyone has their own pages on social networks, an email inbox and accounts in popular instant messengers.

But if you ask them what a “provider” or “account” is, they are unlikely to answer quickly and intelligibly. And really, where did this concept come from?

The word comes from the English account, which translates as “bank account.” In Russia and other CIS countries it has acquired a different meaning: it refers to a user account on an online resource. An account turns you from a guest into a regular visitor. To get one you just need to register.

An account is a collection of several elements. It includes a login, a password and an email address. These are mandatory components, but there are also additional ones: Twitter, Skype, ICQ number, mobile phone, avatar or photograph. Personal information usually cannot be viewed by other users; only the administration has access to it.

Before receiving an account, you must read the rules, check the information entered in the appropriate fields and then confirm your registration by clicking on the provided link.

Not all sites require registration, but sometimes it is very convenient for the visitor. Registered visitors get more rights: they can leave comments, participate in competitions, view all pages and find out the latest news about the project.

Definitely don't panic! This is a fixable issue. Naturally, it is better to take care of the safety of all information in advance: keep a special notebook, a separate text file. You need to write down new passwords on time, keep them at hand, but in a place inaccessible to others. However, you can't keep track of everything. In this case, the resource administration comes to the rescue.

You click on the “forgot login” (or password) button, remind yourself what email you have - and after some time they send you the necessary data in a letter.

Usually this happens due to the fault of the user himself; you probably violated some condition. Try to find the reason yourself: re-read the user agreement and pay special attention to the section that concerns sanctions, blocking periods and the possibility of having a block removed.

If you haven’t found the necessary items and are unable to figure out the problem yourself, then there is only one way out – contact the administrators.

Of course, it's not always your fault. Perhaps your account was simply hacked, and the administration is thus protecting visitors from intruders. This could also happen if you caught a virus the day before: the malicious program sometimes captures your login and password and automatically logs into sites through your accounts.

As a rule, the administration accommodates registered users and helps to quickly recover lost information. However, there are other situations. If they refuse help or ask you to pay a lot of money, then it’s easier to create a new account.

This is also an account, only this time it belongs not to a user but to a mobile device. For example, many people now browse the web using a smartphone. If it has the Android operating system installed, then you can create an account in Google services. It will make it easy to view mail, surf and use search. There are also accounts that work on other operating systems and gadgets.

This is a great opportunity to save time on data entry, save all settings and personal information about the owner of the device. Thanks to it, access to the phone or smartphone is also restored if problems occur.

At first, many people think that this is difficult and not very necessary, but then they get used to it and understand: being without an account on your phone is like having no hands. After all, you won’t carry a laptop or tablet with you everywhere; sometimes a good smartphone is enough.

In this article we will describe how to track user account lockout events on Active Directory domain controllers and determine from which computer and from which specific program the constant lockouts come. To find the source of a lockout we will use the Windows Security log and PowerShell scripts.

Account security policies in most organizations require a user account in the Active Directory domain to be locked if the user enters the password incorrectly n times. Typically, the account is locked by the domain controller after several attempts to enter the wrong password for several minutes (5-30), during which the user is unable to log in to the system. After the time specified by the security policies has elapsed, the domain account is automatically unlocked. Temporarily locking an account reduces the risk of password guessing (by simple brute force) of AD user accounts.

If a user account in a domain is blocked, a warning appears when trying to log in to Windows:

The referenced account is currently locked out and may not be logged on to ….

Domain account lockout policies

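# Requires the ActiveDirectory module (RSAT) and rights to read the Security log on the DCs
$Username = 'username1'
# Search the Security log of every domain controller for lockout events (ID 4740) of this user
Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName | ForEach-Object {
    $GweParams = @{
        'ComputerName' = $_
        'LogName'      = 'Security'
        'FilterXPath'  = "*[System[EventID=4740] and EventData[Data[@Name='TargetUserName']='$Username']]"
    }
    # A DC with no matching events raises an error, so suppress it
    $Events = Get-WinEvent @GweParams -ErrorAction SilentlyContinue
    # Output: DC name, computer the lockout came from (Properties[1]), time of the event
    $Events | ForEach-Object { $_.MachineName + " " + $_.Properties[1].Value + " " + $_.TimeCreated }
}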

Note. If there are several domain controllers, the lockout events have to be searched for in the logs on each of them; you can also organize . You can make this task easier using the Microsoft Account Lockout and Management Tools utility (you can download it). With this utility you can specify several domain controllers at once whose event logs need to be monitored, and track the number of incorrect password entries for a specific user (the attributes badPwdCount and LastBadPasswordAttempt are not replicated between domain controllers).

Identifying the program that causes the account lockout in AD

So, we have determined from which computer or device the account was blocked. Now I would like to understand which program or process is making unsuccessful login attempts and is the source of the blocking.

Users often begin to complain about their account being locked in the domain after a scheduled change of their domain account password. This suggests that the old (incorrect) password is stored in some program, script or service that periodically tries to log in to the domain with the outdated password. Let's look at the most common places where a user could have used the old password:

  1. Mounting a network drive via net use (Map Drive)
  2. In Windows Scheduler tasks
  3. In Windows services that are configured to run under a domain account
  4. Saved passwords (Credential Manager)
  5. Browsers
  6. Mobile devices (for example, used to access corporate email)
  7. Programs with autologin
  8. Unfinished user sessions on other computers or terminal servers
  9. Etc.

Advice. There are a number of third-party utilities (mostly commercial) that allow the administrator to scan a remote machine and detect the source of account lockouts. As a fairly popular solution, we note Account Lockout Examiner from Netwrix.

For a more detailed audit of lockouts on the machine you found, you need to enable a number of local audit policies. To do this, on the local computer on which you want to track the source of the lockout, open the Local Group Policy Editor (gpedit.msc) and, in the section Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy, enable the policies:

  • Audit process tracking: Success, Failure
  • Audit logon events: Success, Failure

Wait for the next account lockout and look in the Security log for events with Event ID 4625. In our case, this event looks like this:

From the event description it is clear that the source of the account lockout is the process mssdmn.exe (a SharePoint component). All that remains is to inform the user that he needs to update his password on the SharePoint web portal.
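As an added illustration (not part of the original article), the PowerShell function below pulls the calling process, logon type and source workstation out of Event ID 4625 records for one user. The function name Get-FailedLogonSource, the sample event and its path and host names are constructed for this example.

```powershell
# Added example: summarise failed logons (ID 4625) for one user by process and logon type.
$LogonTypes = @{ 2='Interactive'; 3='Network'; 4='Batch (scheduled task)'; 5='Service'
                 7='Unlock'; 8='NetworkCleartext'; 10='RemoteInteractive'; 11='CachedInteractive' }

function Get-FailedLogonSource {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string] $EventXml,
        [Parameter(Mandatory)] [string] $UserName
    )
    process {
        $evt = ([xml]$EventXml).Event
        if ($evt.System['EventID'].InnerText -ne '4625') { return }
        # Flatten <Data Name="...">value</Data> into a lookup table.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data.TargetUserName -ne $UserName) { return }
        $type = [int]$data.LogonType
        [pscustomobject]@{
            User        = $data.TargetUserName
            LogonType   = if ($LogonTypes.ContainsKey($type)) { $LogonTypes[$type] } else { "Type $type" }
            ProcessName = $data.ProcessName
            Workstation = $data.WorkstationName
            SourceIp    = $data.IpAddress
            SubStatus   = $data.SubStatus
        }
    }
}

# CONSTRUCTED sample event, trimmed to the fields used; all values are illustrative.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><Computer>WKS-EXAMPLE.corp.example</Computer></System>
  <EventData>
    <Data Name="TargetUserName">username1</Data>
    <Data Name="SubStatus">0xc000006a</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="WorkstationName">WKS-EXAMPLE</Data>
    <Data Name="ProcessName">C:\ExamplePath\mssdmn.exe</Data>
    <Data Name="IpAddress">-</Data>
  </EventData>
</Event>
'@
$sampleXml | Get-FailedLogonSource -UserName 'username1' |
    Group-Object ProcessName, LogonType | Select-Object Count, Name

# On the audited machine, feed live events instead of the sample:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} |
#     ForEach-Object { $_.ToXml() } | Get-FailedLogonSource -UserName 'username1'
```

The logon type narrows down the usual places where an old password is stored: type 4 points to a scheduled task, type 5 to a service, type 3 to a network connection such as a mapped drive. A SubStatus of 0xC000006A means a wrong password was supplied.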

After completing the analysis, identifying and punishing the culprit, do not forget to disable the activated group audit policies.

If you have not been able to find the reason for the account lockout on a specific computer, then, to avoid the account being locked out constantly, it is worth trying to rename the user account in Active Directory. This is usually the most effective method of protection against sudden lockouts of a specific user.

Monday, January 14, 2019

Think your account was banned or suspended by mistake? Fill out our webform.

We want to help! Let us know if you think the ban or suspension on your EA Account or one of the user names connected to it was a mistake.

  1. Click at the top of any page on EA Help.
  2. Select the game that your account was banned or suspended from. If it's on your whole EA Account, choose Origin.
  3. Choose your platform.
  4. Select Manage my account, then Banned or suspended account.
  5. Fill out any other details below.
    • For example, if you picked Origin, it might ask you if you are accessing the game through an Origin Access membership.
  6. Click Select contact option.
  7. Sign in to your account that has the ban or suspension, if you aren’t already.

Then you’ll see our email webform. Fill it out to give us all the details for your case.

When you fill out the webform:

Your subject line should follow this format: – –

Here are some examples:

  • Banned Account – Battlefield 1 – MySoldierABC
  • Suspended Account – Answers HQ – Player1234

Include this info in the description

Under the Subject line, there’s a text box where you can describe your issue. We need to know these three things so we can help you:

  1. Your user name
    • This is your EA ID, PlayStation™Network Online ID, Xbox Live gamertag, EA mobile game-specific User ID, or game-specific user name.
    • Your Answers HQ user name is the same as your EA ID, but your user name for a game-specific forum, like The Sims, can be different. Make sure you give us your user name and the specific forum and what language it’s in when you reach out to us.
    • Need help finding your mobile User ID? .
  2. Detailed info that includes any error or notification messages that you saw.
    • Tell us what’s going on and why we need to take another look at the action that we took on your account.
  3. Email address that's on your banned or suspended EA Account.
    • If you're playing on a mobile game, your email address may not be linked to that game. Make sure to email us using an email address that's linked to an EA Account so you can get more information about the action taken on your mobile game account.

We review each form we get on a case-by-case basis. While we try as hard as we can to reply within five business days, we’re human. Sometimes we'll need longer to do it right.

Look for emails from [email protected] . We send our first emails about bans and suspensions and our replies to you from that address.

We're happy to help you with your games and other questions when you call or chat with us. But the team that helps with banned and suspended accounts only works via email. By submitting this webform, your case will be with the team that specifically works on account bans and suspensions.

  • I didn't get the email?
  • You can't unban my account? Who else can help me?
  • I don't know which account got the ban?
  • I can't get online on any EA or non-EA games?

What if I didn't get the email?

You should see the first emails about bans and suspensions and any replies from [email protected] . Make sure you:

What if you can't unban my account? Who can help me?

Some games have their own dispute process. Use the link for your game if you see it on the list.

Well, finally, at least some digestible information.
Question: Why is Google+ blocking a profile... or My Google+ account was blocked - why and what to do?

So, from official sources (response from a Google employee):

For those who are facing the problem of a blocked Google+ profile, I inform you that when blocking user profiles, we are guided by the following Rules regarding user behavior and content posted by them.

Some tips to avoid blocking:
1. Please indicate your real first and last name or first and last name by which your friends, relatives and colleagues know you.
If you use your real name on your profile, you will be easy to find online. Titles that are used to address you in professional, educational, social, or religious settings (such as "Doctor," "Reverend," or "Professor") cannot be included in profile fields. Examples of violations: Dr. Stanislav Liventsov; D. M. Sergeev. The name should also not contain unusual or unnecessary characters, such as * or @.

2. Do not post sexually explicit material.

3. Don't spread spam.

In order to unblock access, follow the instructions indicated on your profile page and your profile will soon be unblocked. If account unlocking is refused, then the violations remain. Correct them, file an appeal and the account will be opened.

Sincerely,

Kate.


Source - Google Forums

I will quote another answer to a similar question:

Profile blocking is due to a violation of the Rules of use of the product. Please read the Rules and correct any violations before filing an appeal or complaint on this forum. You can correct violations by following the instructions on your Profile page.

The most common reason for blocking is the addition of a fictitious or non-existent name.

Here are real examples of Profile names that we have recently blocked:

- Children's toys
- Father Frost
- I'll tell you the truth
- Baby Class

and there are hundreds, if not thousands of them!

Attention: Names must be real without unnecessary abbreviations and symbols! Here are the criteria we use when blocking accounts for the wrong name.

If you do not want to provide your real name, you can opt out of Google+ features.

In my opinion, it’s a rather strange reason for the blocking... Maybe you’ll also need to provide your passport details and identification code?)))

After such explanations, Twitter becomes all the sweeter to me) - and my wonderful friends - Dunno, Violet, Toffee and others). Warm feelings...
The main thing is that it is now clear where you can contact people in Russian. So, the support forum page, where there is a chance that professionals, and perhaps even Google employees, will answer you - Google+ forum.