Solved

TS User lockdown / lockdown message

Posted on 2009-05-09
6
351 Views
Last Modified: 2013-12-04
I have to implement secure TS installation, and the solution I've had on my mind is next:

Idea one:
   - user enters wrong password five times
   - servers locks down the user account, and
   - message pops out telling the user that his account has bee locked, and that he should call Help Desk to the phone xxxxxxxxxxx


Idea two:
   - someone tries to log in into the TS without providing correct username for five times
   - the server locks down any log in attempts from that client (internet client / IP) for next 15 minutesof more


How to configure settings like this and how to make a message display after five log-on attempts?

Some TS security practices link?
0
Comment
Question by:mrmut
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 5

Accepted Solution

by:
DTAHARLEV earned 500 total points
ID: 24345789
It'll just happen if you configure a regular GPO to lock users out after 5 failed logon attempts. the standard message is "Your account has been locked. Please contact your system administrator."

As far as locking the workstation, that's more complicated, as the TS will need to first check if a user exists, etc.

I can tell you that we're 100% compliant with all requirements and we only use the lockout policy (well, we have it set to three attempts)
0
 

Author Comment

by:mrmut
ID: 24345837
Thanks, say - I do have GPO with which I can change the lockdow message? (Can't check now.)

For the second question, I think I haven't been clear - I don't wan't to lock the client, but to prevent further log-on attempts from the IP form where logging on with wrong username occurred.


0
 
LVL 5

Expert Comment

by:DTAHARLEV
ID: 24345862
Not sure if and how you can change the message, and also I'm not sure you can have the workstation be locked out even for legitimate attempts. You're probably worried that if someone takes a machine and just tries everyone's password five times he'll end up locking out the entire company pretty fast. Yeah, that is the case... I found out people don't usually do that though -- set auditing levels and you'll have the information in the log, so you know who's messing around.

Also, you can set the account to unlock after say five or ten minutes.
0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 

Author Comment

by:mrmut
ID: 24345909
Yeah, you are right.

What you mean when you say that I should set auditing levels? - You mean Audit Log? - That is by default, so it must be something else.

Thanks.
0
 
LVL 5

Assisted Solution

by:DTAHARLEV
DTAHARLEV earned 500 total points
ID: 24346045
I mean setting the security policy to login events, so the event log will get notices when a failed login occurs, including the calling workstation, etc.

http://technet.microsoft.com/en-us/library/cc787567(WS.10).aspx
0
 

Author Comment

by:mrmut
ID: 24346126
Thanks a lot for your help  DTAHARLEV.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question