Password lock out queries

A couple of questions on password lockouts in a Windows 2003/2008 environment.

I often leave myself logged in to servers overnight so that when I come in the next day I can just connect up again to the session. Sometimes, I can be logged in/disconnected from servers for a few days.

If say, I logged into ServerA and then disconnected my sessoin (but it was still live) on Monday, but then Tuesday I changed my password. Is there a risk that my account would get locked out because that session still has my old password?

Secondly, these password lockouts due to invalid passwords - are they for a certain time only or until someone actually unlocks it?
LVL 1
Joe_BuddenAsked:
Who is Participating?
 
Brian PierceConnect With a Mentor PhotographerCommented:
A password lockout cannot occur until you log in again

The length of the lockout is determined by the policy in place - if can range from 0 to forever (until and admin unlocks it)

see http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Security/AccountLockoutPolicies.html

BTW - very bad practice to keep logged in as you describe.
0
 
Joe_BuddenAuthor Commented:
Hi

Thanks for the heads up, why is it bad out of interest?

Regarding this comment:

"A password lockout cannot occur until you log in again"

If I entered the new pwd correctly, then there is no issue - from a password lockout point of view - of staying logged on/disconnected?
0
 
Brian PiercePhotographerCommented:
If you leave a session active then there is always the risk of someone taking over the session - why risk any compromise - unless the session is in use then why leave it open

I don't understand your final comment - a password lockout can only occur when the password is authenticated.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.