Consider the following scenario:
- You have a computer that is running Windows 7, Windows Server 2008 R2, Windows Vista or Windows Server 2008.
- The computer has an account lockout threshold policy applied.
- You create or change multiple tasks in Task Scheduler.
- You select the Run whether user is logged on or not option and clear the Do not store password. The task will only have access to local computer resources option in these tasks.
- You click OK to apply the settings.
In this scenario, the account that is used to create or change these tasks is incorrectly locked. Additionally, some security events that have Event ID 4625 and that resemble the following are added to the Security log:
Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: <date & time> Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N/A Computer: <computer name> Description: An account failed to log on. Subject: Security ID: SYSTEM Account Name: <name> Account Domain: <name> Logon ID: <ID> Logon Type: 4 Account For Which Logon Failed: Security ID: NULL SID Account Name: <name> Account Domain: <name> Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0x268 Caller Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: <name> Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0