?
Solved

Disable Account

Posted on 2006-04-14
11
Medium Priority
?
353 Views
Last Modified: 2010-04-13
Hi All,
If I disable a user account while the user is logged on, do they loose access to the network.  Or does it allow them access until they log off?


Scott
0
Comment
Question by:smpross
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 30

Expert Comment

by:Irwin Santos
ID: 16455375
They have access to the session that they are in, but will be prevent from doing anything new. Once they finish the task, then no more access.
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 16455379
Shouldn't disconnect them. They will have to log off before they are locked out.
At a command line  shutdown  -l  \\ComputerName  is supposed to force a log off, but I find it doesn't always work. If you want to go that route you might want to try Sysinternals version. Seems to work better in my opinion:
http://www.sysinternals.com/Utilities/PsShutdown.html
0
 

Author Comment

by:smpross
ID: 16455407
Well what if they have a mapped network drive, but nothing open on the network drive... Won't they continue to be able to access the mapped network drive.  And what about email.

Scott
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 

Author Comment

by:smpross
ID: 16455425
One other question... I have two 2000 servers.  If I change the Domain admin password, do I need to reboot the servers?  I do not have any services running on either server using this account.

Scott
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16455442
Just tested it, and the user can continue to access the shares for which they previously had permissions for, until log out. Should apply to e-mail as well has to do with token assigned at time of login, but I apologize I do not understand the details of that process, perhaps someone else can explain why.
0
 
LVL 30

Expert Comment

by:Irwin Santos
ID: 16455446
"Well what if they have a mapped network drive, but nothing open on the network drive... Won't they continue to be able to access the mapped network drive.  And what about email."
no access to network drive and email

"If I change the Domain admin password, do I need to reboot the servers?"
No. But you should check your services that require a the correct login info to start.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16455484
>>"do I need to reboot the servers? "
No you should not have to. Even if services were running using that account and password, they should continue to do so. Next time the service was started it would require the new password. For example a schedule task would continue to run if started, but the next time it ran it would require having the updated password.

Update: Interesting, I can continue to access shares but Exchange no longer recognizes the account once disabled. There was a 5 minute delay, but is asking for legitimate UserName and password when doing a send/receive.
0
 

Author Comment

by:smpross
ID: 16455583
hmm.... So the shares work but email does not... That is very interesting.  I am guess that the same thing is true if I disabled the computer account as well?


Scott
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16458365
>>"I am guess that the same thing is true if I disabled the computer account as well?"
Pause........  :-p
I don't know, it is handled differently, and I can't imagine doing that with a potential user being connected at the time. Normally when joining a domain the computer has to be rebooted for the change to affect the computer, so I would assume the same but couldn't say for sure. Perhaps someone else would have more experience with that.
I would have to say, I wouldn't want to count on the out come. I can see in a panic trying to disable a users access but why the computer account?
--Rob
0
 
LVL 1

Expert Comment

by:Shanidar
ID: 16519093
The connection to a share authenticates the user at the time of connection. So, if certain shares were connected to a user account, at logon time, and five minutes later, you whacked his account, he would still have access.  He could disconnect one of the shares, but if he then tried to re-map it, he would get a connection refused error.

The Exchange client either has a configurable period to re-authenticate the user automatically, or another settings are at work on the client, like remote mail type settings.  
Whatever the case, the answer to the first question, is based on how each resource authenticates connections.  Research that, per resource, and you will be enlightened.

Good Luck
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16555986
Thanks smpross,
--Rob
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In the below post we have mentioned the best hosting type for startups. Also, check out some of the superlative web hosting companies that are proposing affordable web hosting solutions to host your startup website.
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question