If your domain account keeps getting locked all by itself for no particular reason, its probably because you ‘saved’ your password somewhere while accessing a resource. You have since then, changed the password, but Windows (or another application) still remembers your old (cached) password and uses it to authenticate.
You may have entered your password and not thought much about it — it could be that shared folder or printer you were trying to access last month. Or it could be the password you entered for authenticating to the proxy while you logged in locally to your PC or on another machine and decided to browse the internet. It could even be entered in the browser while you logged in to the corporate portal whilst not logged in to the domain.
If this is the case, you can clear all the stored passwords on a Windows machine by typing the following command:
rundll32.exe keymgr.dll, KRShowKeyMgr
Or in Windows XP, you can use the Stored Passwords option within the Users applet in Control Panel. Remove all the stored credentials listed there and you should be fine. Also note that it saves your MSN Passport account password here as well!
Another reason for a lockout could be a service or application or scheduled task that you have configured to use your domain password while starting or performing an operation. Once you change your password, the previously saved password will not work and this results in a lockout.
The most recent iteration of Microsoft’ flagship desktop operating system, Windows Vista, has certain enhancements that let you save $50 to $70 per year on energy costs to power a single computer.
It is believed that Windows is the operating system of choice on 100 million desks worldwide. Computers are not always in use all the time that they are powered on. Typically office PCs are kept on all the time – after office hours and over weekends. Estimates suggest that the world spends $5 to $7 billion a year powering ‘inactive’ computers! From an environmental perspective, this also means 45 million tons of CO2 emitted per year. Interesting to note: your choice of operating system affects your contribution to global warming!!
With the enhanced power management features of Windows Vista, these cost savings on energy can be realized. So I guess Vista’s ‘greener’ than Windows XP.
Critics say that if Microsoft had found out how to minimize these costs on the Windows XP operating system when it was released five years ago, the world would have saved $25 billion worth of energy. Re-thinking it liberally, new technology is supposed to do that: make things better and make lives easier.
A few decades ago, we may not have had car engines that are as fuel efficient as they are today. So do we blame the Hudson Motor Car company or Mercedes-Benz for not having developed energy-efficient engine models back then?
I was totally amazed when I stumbled upon the Microsoft Bhasha project. It is the Microsoft Indic Language project – and they have developed Windows interface packs in almost every Indian language – Hindi, Tamil, Kannada, Gujarati, Marathi, Telugu, Bengali, Malayalam, Punjabi, Konkani, Oriya, Sanskrit, and Nepali.
So I dared to download the Windows XP interface pack of my native language, Malayalam from the Microsoft website. Very interesting to note that even the download page was written in Malayalam. Too excited to read, I went ahead, downloaded and installed it.
This is what I got (click to enlarge):
It was extremely funny. I mean, I’m glad it’s localized to my own language but the words used were … er.. preposterous. An ‘ordinary’ Keralite like me will better understand the English version.
So you opened ADSIEDIT and checked the LastLogon attribute for a user, expecting a decently formatted date and time – and instead – found something like this: 128271382742968750.
This is the Windows NT time format. Before you jump out of your chair, lets find out what this actually is. Believe it or not, the lastLogon attribute is stored as the number of 100-nanosecond intervals that have elapsed since the 0 hour on January 1, 1601! (Umm.. no, I don’t know why!)
So how do we convert the LastLogon value to human-years? You don’t need to pull your hair out, you can use this command:
w32tm /ntte [time in NT format] For instance, if we want to convert 128271382742968750:
To add a twist in the tale, notice that the date/time in NT Time Format is stored in GMT time. Since I am in the GMT +3:00 timezone, w32tm first listed the original value and added +3:00 to it to give me the output in my local time.
Another twist: Active Directory does NOT replicate the LastLogon attribute across domain controllers. So in order to get an accurate value, you need to obtain the LastLogon value for the same user from all your domain controllers and accept the value that is highest.
ModifyProfile, an ingenious freeware tool written by Marty List, lets you modify the HKEY_CURRENT_USER\ registry hive of any user on your machine, without requiring the user to login.
By design, Windows has a different HKEY_CURRENT_USER hive for every user that has a profile on the Windows computer. This is stored in the C:\Documents & Settings\username\NTUser.dat file in each user’s profile. This hive is “loaded” whenever the user logs in and is displayed in REGEDIT as the HKEY_CURRENT_USER hive. Depending on which user is logged in, the hive is different, because a different NTUser.dat file has been loaded.
Sometimes an administrator needs to change a registry value in the HKEY_CURRENT_USER hive of many or all users who log on to a particular system. I’ve seen that adminsitrators are usually confronted with this kind of a challenge on Terminal Servers, where multiple users estabish remote desktop/terminal sessions, and a change/restriction needs to be made in the HKEY_CURRENT_USER hive of all users.
Instead of having to login to each user’s session or write a login script to make the change, the administrator can pick a time when no user will be logged in(because the NTUser.dat file should not be “in use”) and use the ModifyProfile tool from the administrator’s command line.
For instance, I can implement a registry change stored in a .reg file for all users, by using a single command like:
ModifyProfile.exe /PROFILE:ALL /REG:”C:\TEMP\Changes.reg” /KEYNAME:TempHive and ModifyProfile will open each user’s hive and do the job!
When you experience the amazing, the incredible, the exhilarating, your mouth drops open and you go – “WOW!!”
Microsoft is giving away cool prizes to people who upload their WOW’s on http://www.showusyourwow.com/ – prizes include high definition video camera, holiday trip for two, Windows Ultimate desktops/laptops…
Sadly, not available in the Middle East . Available in India and many other countries. Visit www.showusyourwow.com
. Available in India and many other countries. Visit