It simply means someone tried guessing the account more than three times somewhere. That's one of the downsides of shared accounts.
Remember, activity on accounts gets mirrored around your org, so if someone guesses three times on machine a, those attempts will get reflected to machines b, c, d etc. when they sync.
Bottom line is don't use shared accounts - it's awful from a security point of view, and you don't satisfy the premise of auditability. Use a unique account for every person.
OK, so what can we do now? We must have a main administrator account, but we can't create a different admin account for each computer. All users have unique limited domain accounts, and this is not a problem. But when we want to switch user to administrator, this is a problem. You think someone tried guessing more than three times somewhere. OK, I understand, but why is one PC blocked and another not? When the account reaches the failed logon limit, it is blocked. It seems to me that then I can't log on to any computer. But it is not so.
I can't understand the McAfee password synchronization policy.
For a password to sync, the machine has to connect to EPO. So, on the machine the user has been guessing on, someone has to actually log in so Windows starts, then that guessing will be reflected into EPO, and sent down to other machines.
Why do you need to be using a main admin account? Why don't you simply add the individual accounts for each administrator to each machine? Having an anonymous "admin" account is not really how things should be.
Huh, OK, sorry, but again I don't understand your reply. We can't add individual accounts for each administrator to each machine, because we have blocked the possibility of local users logging on. We provide users to Endpoint Encryption via the Endpoint Users module, and these users are assigned from our Active Directory service. This is not an anonymous "admin" - this is the global, built-in domain administrator, who has all privileges and which is used for domain maintenance, installing/removing apps, copying files, etc.
I have another question. Is there a solution which allows me to copy data from unbootable encrypted computers or the same encrypted disks? Now we are using WinPE with EETech and removing Endpoint Encryption (I mean Token and EECode Authorization). But this option is horribly slow. For example, a laptop with a 500GB HDD takes about 72 hours to decrypt. It's sick. We can use BartPE with EETech, but this solution is not able to handle external USB devices, AHCI or RAID drives, etc. The best option would be some Linux distribution (for example SystemRescueCD) with the possibility of access to data (with prior authorization, of course), or moving the encrypted drive to another computer, authorizing with token, file, eecode, whatever, and copying data to another drive.
Firstly, if you're using EETech on WinPE, then it will take the same amount of time to decrypt as it did to encrypt - it's exactly the same driver etc. If it's running really slowly, that usually means you forgot to add your vendor-specific hard disk driver to the WinPE image.
RAID is not supported anyway, AHCI is - again, you need to add the Windows driver to the WinPE image - It's WinPE handling the disk, not EETech.
You can access the drive in WinPE after mounting it in EETech, so you can access the data on it, copy files off the encrypted drive, fix the registry, etc. In fact, all the things you mention are possible once you have EETech running on WinPE.
Again, to fix the speed problem, make sure you add the Dell or whoever disk drivers to your WinPE/BartPE build.