4 Replies Latest reply on Jul 8, 2011 8:30 AM by gng4life

    DLP Locking AD Accounts?


      I suspect that the DLP agent is locking AD domain accounts for users who are using local accounts with the same name.


      For example USERID is a local account on the machine and a domain account:  USERID\machine  USERID\DOMAIN

      The user logs in using the local account.  Eventually the domain account gets locked.  If the passwords for the local and domain account are the same then the issue does not happen.  Since this just started with the DLP agent deployment I suspect DLP is the issue.


      I assume that DLP has to do a policy evaluation against AD (our policies utlilize AD groups).  Does it use credentials for this?  If its a local account shouldn't it stop right there and not do an AD evaluation?  I am going to try to put 'local accounts' in a user group by itself with no AD groups to see if that resolves it..  Anyone else see anything like this?  Looks like another SR for me!