Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Disable Windows Account For User Already Logged In

Posted on 2014-04-02
4
Medium Priority
?
598 Views
Last Modified: 2015-03-24
In AD, what's the behavior when a user account is disabled but still logged in?  Will the user still be able to access domain resources, e.g., files, Outlook etc until the user is logged off?
0
Comment
Question by:bsohn417
  • 2
4 Comments
 
LVL 2

Expert Comment

by:YoursJitu
ID: 39972119
No system will not allow it to access.

When your account is even locked out and if you trying to access any of the shared drives or outlook or trying to execute any active directory users and computers window you will get the error message. System may allow you to log on to the system due to cached password but resources which are online like outlook or file share will not work.
0
 
LVL 9

Accepted Solution

by:
Lee Ingalls earned 1000 total points
ID: 39972204
I've found in a MS Server 2008 r2 AD domain user account that has been disabled; the active login retains access to the resources until logged out. From the server you can close open files and disconnect or force logoff.

I just tested to verify... the Windows 7 Client logged into domain\test1 retained access to shares and mapped drives. After account had been disabled in the AD; the user stilled logged in, but no AD/network resources were available.
0
 
LVL 57

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 39976012
If I am not completely mistaken, this is what the Kerberos ticket lifetime is about. He will have access until his ticket expires.
Ticket lifetime can be adjusted, but not after he got it.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39976128
Oh, and even when his ticket expires, he will still be able to access resources he was on in this session. But he won't be able to connect to new resources.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question