smpross
asked on
Disable Account
Hi All,
If I disable a user account while the user is logged on, do they loose access to the network. Or does it allow them access until they log off?
Scott
If I disable a user account while the user is logged on, do they loose access to the network. Or does it allow them access until they log off?
Scott
Irwin Santos
They have access to the session that they are in, but will be prevent from doing anything new. Once they finish the task, then no more access.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well what if they have a mapped network drive, but nothing open on the network drive... Won't they continue to be able to access the mapped network drive. And what about email.
Scott
Scott
ASKER
One other question... I have two 2000 servers. If I change the Domain admin password, do I need to reboot the servers? I do not have any services running on either server using this account.
Scott
Scott
Just tested it, and the user can continue to access the shares for which they previously had permissions for, until log out. Should apply to e-mail as well has to do with token assigned at time of login, but I apologize I do not understand the details of that process, perhaps someone else can explain why.
"Well what if they have a mapped network drive, but nothing open on the network drive... Won't they continue to be able to access the mapped network drive. And what about email."
no access to network drive and email
"If I change the Domain admin password, do I need to reboot the servers?"
No. But you should check your services that require a the correct login info to start.
no access to network drive and email
"If I change the Domain admin password, do I need to reboot the servers?"
No. But you should check your services that require a the correct login info to start.
>>"do I need to reboot the servers? "
No you should not have to. Even if services were running using that account and password, they should continue to do so. Next time the service was started it would require the new password. For example a schedule task would continue to run if started, but the next time it ran it would require having the updated password.
Update: Interesting, I can continue to access shares but Exchange no longer recognizes the account once disabled. There was a 5 minute delay, but is asking for legitimate UserName and password when doing a send/receive.
No you should not have to. Even if services were running using that account and password, they should continue to do so. Next time the service was started it would require the new password. For example a schedule task would continue to run if started, but the next time it ran it would require having the updated password.
Update: Interesting, I can continue to access shares but Exchange no longer recognizes the account once disabled. There was a 5 minute delay, but is asking for legitimate UserName and password when doing a send/receive.
ASKER
hmm.... So the shares work but email does not... That is very interesting. I am guess that the same thing is true if I disabled the computer account as well?
Scott
Scott
>>"I am guess that the same thing is true if I disabled the computer account as well?"
Pause........ :-p
I don't know, it is handled differently, and I can't imagine doing that with a potential user being connected at the time. Normally when joining a domain the computer has to be rebooted for the change to affect the computer, so I would assume the same but couldn't say for sure. Perhaps someone else would have more experience with that.
I would have to say, I wouldn't want to count on the out come. I can see in a panic trying to disable a users access but why the computer account?
--Rob
Pause........ :-p
I don't know, it is handled differently, and I can't imagine doing that with a potential user being connected at the time. Normally when joining a domain the computer has to be rebooted for the change to affect the computer, so I would assume the same but couldn't say for sure. Perhaps someone else would have more experience with that.
I would have to say, I wouldn't want to count on the out come. I can see in a panic trying to disable a users access but why the computer account?
--Rob
The connection to a share authenticates the user at the time of connection. So, if certain shares were connected to a user account, at logon time, and five minutes later, you whacked his account, he would still have access. He could disconnect one of the shares, but if he then tried to re-map it, he would get a connection refused error.
The Exchange client either has a configurable period to re-authenticate the user automatically, or another settings are at work on the client, like remote mail type settings.
Whatever the case, the answer to the first question, is based on how each resource authenticates connections. Research that, per resource, and you will be enlightened.
Good Luck
The Exchange client either has a configurable period to re-authenticate the user automatically, or another settings are at work on the client, like remote mail type settings.
Whatever the case, the answer to the first question, is based on how each resource authenticates connections. Research that, per resource, and you will be enlightened.
Good Luck
Thanks smpross,
--Rob
--Rob