Disable Account

Hi All,
If I disable a user account while the user is logged on, do they loose access to the network.  Or does it allow them access until they log off?


Scott
smprossAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Irwin SantosComputer Integration SpecialistCommented:
They have access to the session that they are in, but will be prevent from doing anything new. Once they finish the task, then no more access.
0
Rob WilliamsCommented:
Shouldn't disconnect them. They will have to log off before they are locked out.
At a command line  shutdown  -l  \\ComputerName  is supposed to force a log off, but I find it doesn't always work. If you want to go that route you might want to try Sysinternals version. Seems to work better in my opinion:
http://www.sysinternals.com/Utilities/PsShutdown.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
smprossAuthor Commented:
Well what if they have a mapped network drive, but nothing open on the network drive... Won't they continue to be able to access the mapped network drive.  And what about email.

Scott
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

smprossAuthor Commented:
One other question... I have two 2000 servers.  If I change the Domain admin password, do I need to reboot the servers?  I do not have any services running on either server using this account.

Scott
0
Rob WilliamsCommented:
Just tested it, and the user can continue to access the shares for which they previously had permissions for, until log out. Should apply to e-mail as well has to do with token assigned at time of login, but I apologize I do not understand the details of that process, perhaps someone else can explain why.
0
Irwin SantosComputer Integration SpecialistCommented:
"Well what if they have a mapped network drive, but nothing open on the network drive... Won't they continue to be able to access the mapped network drive.  And what about email."
no access to network drive and email

"If I change the Domain admin password, do I need to reboot the servers?"
No. But you should check your services that require a the correct login info to start.
0
Rob WilliamsCommented:
>>"do I need to reboot the servers? "
No you should not have to. Even if services were running using that account and password, they should continue to do so. Next time the service was started it would require the new password. For example a schedule task would continue to run if started, but the next time it ran it would require having the updated password.

Update: Interesting, I can continue to access shares but Exchange no longer recognizes the account once disabled. There was a 5 minute delay, but is asking for legitimate UserName and password when doing a send/receive.
0
smprossAuthor Commented:
hmm.... So the shares work but email does not... That is very interesting.  I am guess that the same thing is true if I disabled the computer account as well?


Scott
0
Rob WilliamsCommented:
>>"I am guess that the same thing is true if I disabled the computer account as well?"
Pause........  :-p
I don't know, it is handled differently, and I can't imagine doing that with a potential user being connected at the time. Normally when joining a domain the computer has to be rebooted for the change to affect the computer, so I would assume the same but couldn't say for sure. Perhaps someone else would have more experience with that.
I would have to say, I wouldn't want to count on the out come. I can see in a panic trying to disable a users access but why the computer account?
--Rob
0
ShanidarCommented:
The connection to a share authenticates the user at the time of connection. So, if certain shares were connected to a user account, at logon time, and five minutes later, you whacked his account, he would still have access.  He could disconnect one of the shares, but if he then tried to re-map it, he would get a connection refused error.

The Exchange client either has a configurable period to re-authenticate the user automatically, or another settings are at work on the client, like remote mail type settings.  
Whatever the case, the answer to the first question, is based on how each resource authenticates connections.  Research that, per resource, and you will be enlightened.

Good Luck
0
Rob WilliamsCommented:
Thanks smpross,
--Rob
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.