TS User lockdown / lockdown message
I have to implement secure TS installation, and the solution I've had on my mind is next:
Idea one:
- user enters wrong password five times
- servers locks down the user account, and
- message pops out telling the user that his account has bee locked, and that he should call Help Desk to the phone xxxxxxxxxxx
Idea two:
- someone tries to log in into the TS without providing correct username for five times
- the server locks down any log in attempts from that client (internet client / IP) for next 15 minutesof more
How to configure settings like this and how to make a message display after five log-on attempts?
Some TS security practices link?
Idea one:
- user enters wrong password five times
- servers locks down the user account, and
- message pops out telling the user that his account has bee locked, and that he should call Help Desk to the phone xxxxxxxxxxx
Idea two:
- someone tries to log in into the TS without providing correct username for five times
- the server locks down any log in attempts from that client (internet client / IP) for next 15 minutesof more
How to configure settings like this and how to make a message display after five log-on attempts?
Some TS security practices link?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Not sure if and how you can change the message, and also I'm not sure you can have the workstation be locked out even for legitimate attempts. You're probably worried that if someone takes a machine and just tries everyone's password five times he'll end up locking out the entire company pretty fast. Yeah, that is the case... I found out people don't usually do that though -- set auditing levels and you'll have the information in the log, so you know who's messing around.
Also, you can set the account to unlock after say five or ten minutes.
Also, you can set the account to unlock after say five or ten minutes.
ASKER
Yeah, you are right.
What you mean when you say that I should set auditing levels? - You mean Audit Log? - That is by default, so it must be something else.
Thanks.
What you mean when you say that I should set auditing levels? - You mean Audit Log? - That is by default, so it must be something else.
Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot for your help DTAHARLEV.
ASKER
For the second question, I think I haven't been clear - I don't wan't to lock the client, but to prevent further log-on attempts from the IP form where logging on with wrong username occurred.