Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

User account Disabled... Still logged in... Still have full access on the network...

Posted on 2008-10-13
5
Medium Priority
?
593 Views
Last Modified: 2012-05-05
This morning I disabled a user.

I pass by his office later today... he's at his desk working like there was no problems.

I look at his account and it's really disabled... hmmmm...

Did a test... I asked a collegue to disable my account while I'm logged in... GUESS WHAT ?!?!?! I STILL HAVE FULL ACCESS EVERYWHERE ?!?!?!?! And I can even send emails without troubles... Is it normal... am I missing a point somewhere here ?!?! User still logged in... ok no problem... but still have full access on the network ???

What the hell is Microsoft thinking ?!?!  It's been 15 minutes now that my account has been disabled... and I still can browse the network...

It's not a question of Replication I did check on both of my DCs and my account IS disabled...

Help me here... I need to understand the logic behind that...
0
Comment
Question by:psytor
5 Comments
 
LVL 7

Accepted Solution

by:
johnny_the_knife earned 1500 total points
ID: 22701232
I suspect the account will remain valid until the user logs off or his Kerberos token expires.
0
 

Author Comment

by:psytor
ID: 22701239
Where can you check the Kerberos token Expiration ?
0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22701328
Hi psytor,

The user will still be able to work if you don't disable the account on the DC that he's authenticating to.

If the user is still actively working and you disabled the account, then you can just right-click the user account as reset the password. This will force the user to logoff.


Hope this helps.

Cheers.
0
 

Author Comment

by:psytor
ID: 22701347
Hi JoWickerman,

Thanks for your quick reply.

The account was disabled on all DCs. (I confirmed)

And I was still able to access all the ressources... Network drive my email...

For sure once I logged off nothing was accessible... but I mean. This is totally ridiculous from Microsoft isn't it ?!?

Thanks for the hint with the password change tho
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22703678
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question