Solved

Password Lock out

Posted on 2015-01-24
9
312 Views
Last Modified: 2015-01-25
We have users that switch workstations now and then.
Ok if  user1 has used a workstation then he logged off and the user1 username is still sowing up on the log on window. The next user, (user2) will come without paying attention he will type password several times.
** WIll this lock out the previous user (user1) ? I believe the answer is yes.. if he tried many times more than the lock out policy allows.
** but what if a previous user(user1) is already working on another workstation when the user2 was trying several times to login, would still user2 able to lock out user1 ? OR he will not since user1 is already working on another workstation?

Any idea?

Thanks
0
Comment
Question by:jskfan
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 300 total points
ID: 40568683
Does not matter if User1 has logged in somewhere successfully or not. If you have lockout policy enabled anyone can lockout any other account in the domain as long as they know the username.

Some people like to turn this policy off as it can act as a DoS attack on your own domain.

So the answer is yes User2 will lockout User1. This is why you need to make sure that you are not using user accounts as service accounts and anywhere you cache passwords they need to be changed if you reset your passowrd. Some of the places would be...

- smart phones
- network drives
- services
- scheduled tasks
- Outlook clients
etc

Will.
0
 
LVL 3

Assisted Solution

by:kola12
kola12 earned 100 total points
ID: 40568688
If you don't use domain You should use:
1. Click start and in the run/search box type gpedit.msc
2. Navigate to > Computer Configuration > Windows settings > Security Settings > Local Policies > Security Options > "Interactive Logon: Do not display last user name" and enable the policy

If You have domain:
1. Start Group policy management
2. Navigate to > Computer Configuration > Policies > Windows settings > Security Settings > Local Policies > Security Options > "Interactive Logon: Do not display last user name" and tick to define the policy, and set it to enabled.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40568744
user1 will experience issues once the account is locked when trying to access any network resource shares, etc
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:jskfan
ID: 40568795
kola12

that policy is not enabled in our domain

Arnold

so the Account is locked? if user1 locks his computer and tries to log back again he will get account locked message?
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 100 total points
ID: 40568822
I think the user may encounter an issue because of their account being locked prior to the user walking away.  I am not sure, but I do believe the user will not be allowed to unlock their locked station after the lockout.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 300 total points
ID: 40569133
You most certainly will run into issues if you are already logged in and your password has been locked out.

When you sign-in to your machine you get a token from the domain which allows you to access resources and other authentiction points in your domain (web sites, Outlook, network drives etc) without having to enter a password, it uses the token. This is so that you do not have to re-enter your password everytime you access resources.

However, when you access resources on the domain the token is still referenced againts the domain and if your account is locked out then access is denided to the token, and you start to get error messages when accessing resources.

The account has to be locked out for this to have any affect.

Will.
0
 

Author Comment

by:jskfan
ID: 40569142
I thought it will not get locked out unless if I am not logged in..
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 300 total points
ID: 40569215
Nope that is not true. That is the reason why you should not use your account as a service account and making sure that your cached password have been updated to reflect new password changes like on a smart phones using activesync where your password is cached.

Will.
0
 

Author Closing Comment

by:jskfan
ID: 40569222
Thank you Guys!
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question