Solved

User account Disabled... Still logged in... Still have full access on the network...

Posted on 2008-10-13
5
542 Views
Last Modified: 2012-05-05
This morning I disabled a user.

I pass by his office later today... he's at his desk working like there was no problems.

I look at his account and it's really disabled... hmmmm...

Did a test... I asked a collegue to disable my account while I'm logged in... GUESS WHAT ?!?!?! I STILL HAVE FULL ACCESS EVERYWHERE ?!?!?!?! And I can even send emails without troubles... Is it normal... am I missing a point somewhere here ?!?! User still logged in... ok no problem... but still have full access on the network ???

What the hell is Microsoft thinking ?!?!  It's been 15 minutes now that my account has been disabled... and I still can browse the network...

It's not a question of Replication I did check on both of my DCs and my account IS disabled...

Help me here... I need to understand the logic behind that...
0
Comment
Question by:psytor
5 Comments
 
LVL 7

Accepted Solution

by:
johnny_the_knife earned 500 total points
ID: 22701232
I suspect the account will remain valid until the user logs off or his Kerberos token expires.
0
 

Author Comment

by:psytor
ID: 22701239
Where can you check the Kerberos token Expiration ?
0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22701328
Hi psytor,

The user will still be able to work if you don't disable the account on the DC that he's authenticating to.

If the user is still actively working and you disabled the account, then you can just right-click the user account as reset the password. This will force the user to logoff.


Hope this helps.

Cheers.
0
 

Author Comment

by:psytor
ID: 22701347
Hi JoWickerman,

Thanks for your quick reply.

The account was disabled on all DCs. (I confirmed)

And I was still able to access all the ressources... Network drive my email...

For sure once I logged off nothing was accessible... but I mean. This is totally ridiculous from Microsoft isn't it ?!?

Thanks for the hint with the password change tho
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22703678
0

Join & Write a Comment

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now