Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 362
  • Last Modified:

TS User lockdown / lockdown message

I have to implement secure TS installation, and the solution I've had on my mind is next:

Idea one:
   - user enters wrong password five times
   - servers locks down the user account, and
   - message pops out telling the user that his account has bee locked, and that he should call Help Desk to the phone xxxxxxxxxxx


Idea two:
   - someone tries to log in into the TS without providing correct username for five times
   - the server locks down any log in attempts from that client (internet client / IP) for next 15 minutesof more


How to configure settings like this and how to make a message display after five log-on attempts?

Some TS security practices link?
0
mrmut
Asked:
mrmut
  • 3
  • 3
2 Solutions
 
DTAHARLEVCommented:
It'll just happen if you configure a regular GPO to lock users out after 5 failed logon attempts. the standard message is "Your account has been locked. Please contact your system administrator."

As far as locking the workstation, that's more complicated, as the TS will need to first check if a user exists, etc.

I can tell you that we're 100% compliant with all requirements and we only use the lockout policy (well, we have it set to three attempts)
0
 
mrmutAuthor Commented:
Thanks, say - I do have GPO with which I can change the lockdow message? (Can't check now.)

For the second question, I think I haven't been clear - I don't wan't to lock the client, but to prevent further log-on attempts from the IP form where logging on with wrong username occurred.


0
 
DTAHARLEVCommented:
Not sure if and how you can change the message, and also I'm not sure you can have the workstation be locked out even for legitimate attempts. You're probably worried that if someone takes a machine and just tries everyone's password five times he'll end up locking out the entire company pretty fast. Yeah, that is the case... I found out people don't usually do that though -- set auditing levels and you'll have the information in the log, so you know who's messing around.

Also, you can set the account to unlock after say five or ten minutes.
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
mrmutAuthor Commented:
Yeah, you are right.

What you mean when you say that I should set auditing levels? - You mean Audit Log? - That is by default, so it must be something else.

Thanks.
0
 
DTAHARLEVCommented:
I mean setting the security policy to login events, so the event log will get notices when a failed login occurs, including the calling workstation, etc.

http://technet.microsoft.com/en-us/library/cc787567(WS.10).aspx
0
 
mrmutAuthor Commented:
Thanks a lot for your help  DTAHARLEV.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now