Link to home
Create AccountLog in
Avatar of INeedYourHelp00
INeedYourHelp00

asked on

Locking out a user from an SBS 2003 R2 network? Does it take just the 1 step I am thinking it does?

Happy New Year!  Anyone out there?  

I think I hit the egg nog too early so I'd like to ask here to make sure I am not missing anything.

A client just called saying an employee's account / access needs to be terminated.  The police took the guy away today (12/31 - he'll have a fun new years eve behind bars).  I am not aware of the details of why but I want to make sure I cover all the bases.

On the SBS 2003 R2 box, we changed the password for this person's account.  That keeps them out of the network either by sitting at a PC on the LAN or by RWW, correct?  

I didn't disable the account because that keeps the mail addressed to him from being delivered, correct?  The client said he'll think about who should get that person's mail going forward.  But for now he just wanted to keep this guy out of the network.

That 1 step (changing the password to something long and complex or in server management, disabling the account) will accomplish keeping that person out?

Thank you, and have a happy new year!
SOLUTION
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Even though they may be busy with the Police for a while - if you just change the password on the account - they could theoretically fire up a brute force password attack on the account.  If it is disabled - then it will prevent this from happening.
Avatar of INeedYourHelp00
INeedYourHelp00

ASKER

brute force attack: true, but you have the account lockout / etc. settings to keep that happening with any account.

disable - legitimate mail may still come in so at least for the short term, I'm opting for the ability for the system to accept it by not disabling the account.  I wasn't sure about that - disabled doesn't accept mail / no mailbox?  But you can forward mail coming into a disabled account, right? To another employee in the domain, etc.?
 
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Give some thought to other passwords that he might have known or might be exposed.  It might be the right time to change access controls to critical systems or users.
Changing the password prevents the user from accessing the resources while the email continuous to flow.
Disabling the account prevents the user from logging in as any emails will likely be rejected as undeliverable.

Cached credentials could still let the user in with the old password provided a DC is not within range of the system at the time of logon.
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
What Service Pack is your Exchange Server at?
Thanks.  I have to check the version.  should be fully patched.