Solved

TS User lockdown / lockdown message

Posted on 2009-05-09
6
350 Views
Last Modified: 2013-12-04
I have to implement secure TS installation, and the solution I've had on my mind is next:

Idea one:
   - user enters wrong password five times
   - servers locks down the user account, and
   - message pops out telling the user that his account has bee locked, and that he should call Help Desk to the phone xxxxxxxxxxx


Idea two:
   - someone tries to log in into the TS without providing correct username for five times
   - the server locks down any log in attempts from that client (internet client / IP) for next 15 minutesof more


How to configure settings like this and how to make a message display after five log-on attempts?

Some TS security practices link?
0
Comment
Question by:mrmut
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 5

Accepted Solution

by:
DTAHARLEV earned 500 total points
ID: 24345789
It'll just happen if you configure a regular GPO to lock users out after 5 failed logon attempts. the standard message is "Your account has been locked. Please contact your system administrator."

As far as locking the workstation, that's more complicated, as the TS will need to first check if a user exists, etc.

I can tell you that we're 100% compliant with all requirements and we only use the lockout policy (well, we have it set to three attempts)
0
 

Author Comment

by:mrmut
ID: 24345837
Thanks, say - I do have GPO with which I can change the lockdow message? (Can't check now.)

For the second question, I think I haven't been clear - I don't wan't to lock the client, but to prevent further log-on attempts from the IP form where logging on with wrong username occurred.


0
 
LVL 5

Expert Comment

by:DTAHARLEV
ID: 24345862
Not sure if and how you can change the message, and also I'm not sure you can have the workstation be locked out even for legitimate attempts. You're probably worried that if someone takes a machine and just tries everyone's password five times he'll end up locking out the entire company pretty fast. Yeah, that is the case... I found out people don't usually do that though -- set auditing levels and you'll have the information in the log, so you know who's messing around.

Also, you can set the account to unlock after say five or ten minutes.
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 

Author Comment

by:mrmut
ID: 24345909
Yeah, you are right.

What you mean when you say that I should set auditing levels? - You mean Audit Log? - That is by default, so it must be something else.

Thanks.
0
 
LVL 5

Assisted Solution

by:DTAHARLEV
DTAHARLEV earned 500 total points
ID: 24346045
I mean setting the security policy to login events, so the event log will get notices when a failed login occurs, including the calling workstation, etc.

http://technet.microsoft.com/en-us/library/cc787567(WS.10).aspx
0
 

Author Comment

by:mrmut
ID: 24346126
Thanks a lot for your help  DTAHARLEV.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question