Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Disable Windows Account For User Already Logged In

Posted on 2014-04-02
4
Medium Priority
?
545 Views
Last Modified: 2015-03-24
In AD, what's the behavior when a user account is disabled but still logged in?  Will the user still be able to access domain resources, e.g., files, Outlook etc until the user is logged off?
0
Comment
Question by:bsohn417
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 2

Expert Comment

by:YoursJitu
ID: 39972119
No system will not allow it to access.

When your account is even locked out and if you trying to access any of the shared drives or outlook or trying to execute any active directory users and computers window you will get the error message. System may allow you to log on to the system due to cached password but resources which are online like outlook or file share will not work.
0
 
LVL 9

Accepted Solution

by:
Lee Ingalls earned 1000 total points
ID: 39972204
I've found in a MS Server 2008 r2 AD domain user account that has been disabled; the active login retains access to the resources until logged out. From the server you can close open files and disconnect or force logoff.

I just tested to verify... the Windows 7 Client logged into domain\test1 retained access to shares and mapped drives. After account had been disabled in the AD; the user stilled logged in, but no AD/network resources were available.
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 39976012
If I am not completely mistaken, this is what the Kerberos ticket lifetime is about. He will have access until his ticket expires.
Ticket lifetime can be adjusted, but not after he got it.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 39976128
Oh, and even when his ticket expires, he will still be able to access resources he was on in this session. But he won't be able to connect to new resources.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question