Solved

User account Disabled... Still logged in... Still have full access on the network...

Posted on 2008-10-13
5
584 Views
Last Modified: 2012-05-05
This morning I disabled a user.

I pass by his office later today... he's at his desk working like there was no problems.

I look at his account and it's really disabled... hmmmm...

Did a test... I asked a collegue to disable my account while I'm logged in... GUESS WHAT ?!?!?! I STILL HAVE FULL ACCESS EVERYWHERE ?!?!?!?! And I can even send emails without troubles... Is it normal... am I missing a point somewhere here ?!?! User still logged in... ok no problem... but still have full access on the network ???

What the hell is Microsoft thinking ?!?!  It's been 15 minutes now that my account has been disabled... and I still can browse the network...

It's not a question of Replication I did check on both of my DCs and my account IS disabled...

Help me here... I need to understand the logic behind that...
0
Comment
Question by:psytor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 7

Accepted Solution

by:
johnny_the_knife earned 500 total points
ID: 22701232
I suspect the account will remain valid until the user logs off or his Kerberos token expires.
0
 

Author Comment

by:psytor
ID: 22701239
Where can you check the Kerberos token Expiration ?
0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22701328
Hi psytor,

The user will still be able to work if you don't disable the account on the DC that he's authenticating to.

If the user is still actively working and you disabled the account, then you can just right-click the user account as reset the password. This will force the user to logoff.


Hope this helps.

Cheers.
0
 

Author Comment

by:psytor
ID: 22701347
Hi JoWickerman,

Thanks for your quick reply.

The account was disabled on all DCs. (I confirmed)

And I was still able to access all the ressources... Network drive my email...

For sure once I logged off nothing was accessible... but I mean. This is totally ridiculous from Microsoft isn't it ?!?

Thanks for the hint with the password change tho
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22703678
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question