When I disable duo with regsvr32 /u, my local account gets locked, why?

amc1 · ‎04-29-2023

Dear,

I’m using the following commands in an elevated prompt to disable duo on the first computer login (so that the programs on the background start):

regsvr32 /u “C:\Program Files\Duo Security\WindowsLogon\DuoCredProv.dll”
regsvr32 /u “C:\Program Files\Duo Security\WindowsLogon\DuoCredFilter.dll”

But after I do this, soon my account gets locked by windows with the following message:

“As a security precaution, the user account has been locked because there were too many login attempts or password change attempts. Wait a while before trying again”

Why is this happening? Can it be prevented while disabling duo initially?

raphka · ‎05-06-2023

Hi amc,
Welcome to the Duo community.

Windows authenticates users using the default Microsoft Windows password credential provider.
The Duo for windows logon protection does not replace or modify this default password credential provider, it simply chains its own credential provider after the default Windows password credential provider.

This means that if your Windows account is being locked out, it is the default windows password provider locking your user out rather than the Duo credential provider, as Duo is not involved in the verification of your username and password.

I suspect whatever scheduled task (or other mechanism) you have created to disable the Duo DLL’s has a configuration error in its authentication passing bad credentials to windows.

Finally i will also note that the Duo protection does not affect the ability for services or service users to run background applications and should not need to be disabled in this way.

The Duo protection will run during LogonUI when a user is authenticating to the system and does not run for service users or background processes that do not interact with LogonUI.