Having a small problem here....
Accounts are being locked out on a server due to too many invalid login attempts.
The thing is - the users aren't really trying to log in. Something on our laptop is doing it automatically and we can't figure out how to stop it!
From the security event log:
Reason: Unknown user name or bad password
User Name: bill.user (changed for Glocktalk)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: BILLSLAPTOP
Note: We do not use Active Directory nor a domain controller.
It seems to only be happening on one machine, which happens to be our main web server.
Virus scans aren't showing anything. One person's laptop is trying to login every 5 minutes on the dot. Others are more random.
I have tried Googling the NtLmSsp and NTLM, but not having any luck resolving the issue. Anyone?
The only way we log in to this server is through remote desktop (very limited # of users for this server). We are finding that when we try to log in, we are told our accounts are locked out. So we log in as Administrator, take a look at the logs... and that's what I posted above.