Here's some additional tactics worth trying if the problem (which seems somewhat suspicious) is still occurring:
(A) Check all the event logs to see if there's any information pointing to the change in account status. If they aren't set to log in fine details, change that so you'll see the most information about events.
(B) Without announcing it publicly, set up an account with exactly the same privileges (you can make a copy of the all-purpose account via Active Directory Users and Computers). Does it suffer the same fate as the universal account plagued with the issue?
(C) In Active Directory Users and Computers, check the properties for the universal user account. Make sure it's limited enough that all the users can do is what they're supposed to do. Especially check as was suggested by David Curtis that the box is checked to prevent that user from changing the password. It also might be good to deny that account privileges to log in at the server console.
(D) Change all the other account passwords. If the all-purpose user account is being sabotaged, it might be by the use of different login credentials. In fact, make sure someone hasn't created an additional account for that purpose.
(E) If possible, physically secure the server so that it can't be accessed or tampered with.
(F) You didn't say whether your network is set up as a workgroup or a domain, but there are lots of security advantages to operating a domain. For one thing, each user can have a secure folder for saving documents. For another, it's much easier to keep track of who's using what. Both might forestall recurrences of this issue.
(G) Depending on how your network gets used, you might NOT want to turn off the browser service on the server. I'd check to be sure that service is running. If it's not, that might cause various workstations to wrestle with each other for the status of master browser. There's a registry setting to make sure that a workstation can not assume the master browser role--might be worth it if that's the issue.
(H) Unless it's truly essential, make sure that no one can access the server via Remote Desktop.
I had not heard before that this was anything I needed to look at.
I've found two references with more information -
What puzzles me with the problem that has cropped up at Walden is that
we've been operating for years with no problem. The one big change
recently is getting a few dozen netbooks running Windows 7.
I'll target them first for disabling the browser service.
Bill Clark wrote:
> I have never disabled the browser service ... maybe I should .. we have
> active directory and a WINS server .. I thought the Browser service allowed
> discovery of the network neighborhood (net view) .. not clear on this now...
> So, besides the domain controller(s), we don't need the browser service ?
> Then there is that Windows 7 machine that I will be joining to the network
> today ... I will turn off the browser service if I can figure out how
> (services.msc ?)
> Bill Clark
> Austine School
> -----Original Message-----
> From: School Information Technology Discussion
> [mailto:[log in to unmask]] On Behalf Of Isham, David
> Sent: Tuesday, March 30, 2010 6:23 AM
> To: [log in to unmask]
> Subject: Re: Puzzling problem - password mysteriously invalid
> 3 wild guesses:
> default setting is for 5 incorrect logons to disable the account for 5
> A stuck enter key on a workstation can do this unattended.
> Is the user set so it can't change its own password?
> David Isham
> Network Administrator
> Grand Isle Supervisory Union
> 5038 US Rte 2
> North Hero, VT 05474
> 802-372-6921 vox
> 802-372-4898 fax
> From: School Information Technology Discussion on behalf of Sigurd Andersen
> Sent: Mon 3/29/2010 10:43 PM
> To: [log in to unmask]
> Subject: Puzzling problem - password mysteriously invalid
> We're having a problem at Walden School I can't yet figure out.
> We have a Windows 2003 server that we've been using for many years.
> Students all log on with the same ID/password to join the domain
> and get access to the file server.
> Today we started having problems of the server saying the
> ID/password was invalid. PCs that had logged on earlier were
> connected to the server without a problem, any PC trying to
> connect once the problem started were not able to log on.
> Happens on PCs running Windows XP or Windows 7,
> connected to the network via cable or wirelessly.
> After trying a couple of things, I re-set the password for that ID,
> and students were able to log on again. Later in the day, the same
> thing happened again, and resetting the password fixed things again.
> Other logons (eg, my administrative account) work just fine.
> I'm stumped for now.
> Any thoughts would be appreciated.
> Sigurd Andersen
> 30/3/2010This email may contain information protected under the Family
> Educational Rights and Privacy Act (FERPA)
> or the Health Insurance Portability and Accountability Act (HIPAA). If this
> email contains confidential and/or privileged health or student information
> and you are not entitled to access such information under FERPA or HIPAA,
> federal regulations require that you destroy this email without reviewing it
> and you may not forward it to anyone.