Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 325
  • Last Modified:

Password Lock out

We have users that switch workstations now and then.
Ok if  user1 has used a workstation then he logged off and the user1 username is still sowing up on the log on window. The next user, (user2) will come without paying attention he will type password several times.
** WIll this lock out the previous user (user1) ? I believe the answer is yes.. if he tried many times more than the lock out policy allows.
** but what if a previous user(user1) is already working on another workstation when the user2 was trying several times to login, would still user2 able to lock out user1 ? OR he will not since user1 is already working on another workstation?

Any idea?

Thanks
0
jskfan
Asked:
jskfan
  • 3
  • 3
  • 2
  • +1
5 Solutions
 
Will SzymkowskiSenior Solution ArchitectCommented:
Does not matter if User1 has logged in somewhere successfully or not. If you have lockout policy enabled anyone can lockout any other account in the domain as long as they know the username.

Some people like to turn this policy off as it can act as a DoS attack on your own domain.

So the answer is yes User2 will lockout User1. This is why you need to make sure that you are not using user accounts as service accounts and anywhere you cache passwords they need to be changed if you reset your passowrd. Some of the places would be...

- smart phones
- network drives
- services
- scheduled tasks
- Outlook clients
etc

Will.
0
 
kola12Commented:
If you don't use domain You should use:
1. Click start and in the run/search box type gpedit.msc
2. Navigate to > Computer Configuration > Windows settings > Security Settings > Local Policies > Security Options > "Interactive Logon: Do not display last user name" and enable the policy

If You have domain:
1. Start Group policy management
2. Navigate to > Computer Configuration > Policies > Windows settings > Security Settings > Local Policies > Security Options > "Interactive Logon: Do not display last user name" and tick to define the policy, and set it to enabled.
0
 
arnoldCommented:
user1 will experience issues once the account is locked when trying to access any network resource shares, etc
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
jskfanAuthor Commented:
kola12

that policy is not enabled in our domain

Arnold

so the Account is locked? if user1 locks his computer and tries to log back again he will get account locked message?
0
 
arnoldCommented:
I think the user may encounter an issue because of their account being locked prior to the user walking away.  I am not sure, but I do believe the user will not be allowed to unlock their locked station after the lockout.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
You most certainly will run into issues if you are already logged in and your password has been locked out.

When you sign-in to your machine you get a token from the domain which allows you to access resources and other authentiction points in your domain (web sites, Outlook, network drives etc) without having to enter a password, it uses the token. This is so that you do not have to re-enter your password everytime you access resources.

However, when you access resources on the domain the token is still referenced againts the domain and if your account is locked out then access is denided to the token, and you start to get error messages when accessing resources.

The account has to be locked out for this to have any affect.

Will.
0
 
jskfanAuthor Commented:
I thought it will not get locked out unless if I am not logged in..
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Nope that is not true. That is the reason why you should not use your account as a service account and making sure that your cached password have been updated to reflect new password changes like on a smart phones using activesync where your password is cached.

Will.
0
 
jskfanAuthor Commented:
Thank you Guys!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now