Solved

User account Disabled... Still logged in... Still have full access on the network...

Posted on 2008-10-13
5
571 Views
Last Modified: 2012-05-05
This morning I disabled a user.

I pass by his office later today... he's at his desk working like there was no problems.

I look at his account and it's really disabled... hmmmm...

Did a test... I asked a collegue to disable my account while I'm logged in... GUESS WHAT ?!?!?! I STILL HAVE FULL ACCESS EVERYWHERE ?!?!?!?! And I can even send emails without troubles... Is it normal... am I missing a point somewhere here ?!?! User still logged in... ok no problem... but still have full access on the network ???

What the hell is Microsoft thinking ?!?!  It's been 15 minutes now that my account has been disabled... and I still can browse the network...

It's not a question of Replication I did check on both of my DCs and my account IS disabled...

Help me here... I need to understand the logic behind that...
0
Comment
Question by:psytor
5 Comments
 
LVL 7

Accepted Solution

by:
johnny_the_knife earned 500 total points
ID: 22701232
I suspect the account will remain valid until the user logs off or his Kerberos token expires.
0
 

Author Comment

by:psytor
ID: 22701239
Where can you check the Kerberos token Expiration ?
0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22701328
Hi psytor,

The user will still be able to work if you don't disable the account on the DC that he's authenticating to.

If the user is still actively working and you disabled the account, then you can just right-click the user account as reset the password. This will force the user to logoff.


Hope this helps.

Cheers.
0
 

Author Comment

by:psytor
ID: 22701347
Hi JoWickerman,

Thanks for your quick reply.

The account was disabled on all DCs. (I confirmed)

And I was still able to access all the ressources... Network drive my email...

For sure once I logged off nothing was accessible... but I mean. This is totally ridiculous from Microsoft isn't it ?!?

Thanks for the hint with the password change tho
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22703678
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question