Solved

Password Lock out

Posted on 2015-01-24
9
311 Views
Last Modified: 2015-01-25
We have users that switch workstations now and then.
Ok if  user1 has used a workstation then he logged off and the user1 username is still sowing up on the log on window. The next user, (user2) will come without paying attention he will type password several times.
** WIll this lock out the previous user (user1) ? I believe the answer is yes.. if he tried many times more than the lock out policy allows.
** but what if a previous user(user1) is already working on another workstation when the user2 was trying several times to login, would still user2 able to lock out user1 ? OR he will not since user1 is already working on another workstation?

Any idea?

Thanks
0
Comment
Question by:jskfan
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 300 total points
ID: 40568683
Does not matter if User1 has logged in somewhere successfully or not. If you have lockout policy enabled anyone can lockout any other account in the domain as long as they know the username.

Some people like to turn this policy off as it can act as a DoS attack on your own domain.

So the answer is yes User2 will lockout User1. This is why you need to make sure that you are not using user accounts as service accounts and anywhere you cache passwords they need to be changed if you reset your passowrd. Some of the places would be...

- smart phones
- network drives
- services
- scheduled tasks
- Outlook clients
etc

Will.
0
 
LVL 3

Assisted Solution

by:kola12
kola12 earned 100 total points
ID: 40568688
If you don't use domain You should use:
1. Click start and in the run/search box type gpedit.msc
2. Navigate to > Computer Configuration > Windows settings > Security Settings > Local Policies > Security Options > "Interactive Logon: Do not display last user name" and enable the policy

If You have domain:
1. Start Group policy management
2. Navigate to > Computer Configuration > Policies > Windows settings > Security Settings > Local Policies > Security Options > "Interactive Logon: Do not display last user name" and tick to define the policy, and set it to enabled.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40568744
user1 will experience issues once the account is locked when trying to access any network resource shares, etc
0
 

Author Comment

by:jskfan
ID: 40568795
kola12

that policy is not enabled in our domain

Arnold

so the Account is locked? if user1 locks his computer and tries to log back again he will get account locked message?
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 77

Assisted Solution

by:arnold
arnold earned 100 total points
ID: 40568822
I think the user may encounter an issue because of their account being locked prior to the user walking away.  I am not sure, but I do believe the user will not be allowed to unlock their locked station after the lockout.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 300 total points
ID: 40569133
You most certainly will run into issues if you are already logged in and your password has been locked out.

When you sign-in to your machine you get a token from the domain which allows you to access resources and other authentiction points in your domain (web sites, Outlook, network drives etc) without having to enter a password, it uses the token. This is so that you do not have to re-enter your password everytime you access resources.

However, when you access resources on the domain the token is still referenced againts the domain and if your account is locked out then access is denided to the token, and you start to get error messages when accessing resources.

The account has to be locked out for this to have any affect.

Will.
0
 

Author Comment

by:jskfan
ID: 40569142
I thought it will not get locked out unless if I am not logged in..
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 300 total points
ID: 40569215
Nope that is not true. That is the reason why you should not use your account as a service account and making sure that your cached password have been updated to reflect new password changes like on a smart phones using activesync where your password is cached.

Will.
0
 

Author Closing Comment

by:jskfan
ID: 40569222
Thank you Guys!
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now