Solved

Password Lock out

Posted on 2015-01-24
9
313 Views
Last Modified: 2015-01-25
We have users that switch workstations now and then.
Ok if  user1 has used a workstation then he logged off and the user1 username is still sowing up on the log on window. The next user, (user2) will come without paying attention he will type password several times.
** WIll this lock out the previous user (user1) ? I believe the answer is yes.. if he tried many times more than the lock out policy allows.
** but what if a previous user(user1) is already working on another workstation when the user2 was trying several times to login, would still user2 able to lock out user1 ? OR he will not since user1 is already working on another workstation?

Any idea?

Thanks
0
Comment
Question by:jskfan
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 300 total points
ID: 40568683
Does not matter if User1 has logged in somewhere successfully or not. If you have lockout policy enabled anyone can lockout any other account in the domain as long as they know the username.

Some people like to turn this policy off as it can act as a DoS attack on your own domain.

So the answer is yes User2 will lockout User1. This is why you need to make sure that you are not using user accounts as service accounts and anywhere you cache passwords they need to be changed if you reset your passowrd. Some of the places would be...

- smart phones
- network drives
- services
- scheduled tasks
- Outlook clients
etc

Will.
0
 
LVL 3

Assisted Solution

by:kola12
kola12 earned 100 total points
ID: 40568688
If you don't use domain You should use:
1. Click start and in the run/search box type gpedit.msc
2. Navigate to > Computer Configuration > Windows settings > Security Settings > Local Policies > Security Options > "Interactive Logon: Do not display last user name" and enable the policy

If You have domain:
1. Start Group policy management
2. Navigate to > Computer Configuration > Policies > Windows settings > Security Settings > Local Policies > Security Options > "Interactive Logon: Do not display last user name" and tick to define the policy, and set it to enabled.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40568744
user1 will experience issues once the account is locked when trying to access any network resource shares, etc
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:jskfan
ID: 40568795
kola12

that policy is not enabled in our domain

Arnold

so the Account is locked? if user1 locks his computer and tries to log back again he will get account locked message?
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 100 total points
ID: 40568822
I think the user may encounter an issue because of their account being locked prior to the user walking away.  I am not sure, but I do believe the user will not be allowed to unlock their locked station after the lockout.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 300 total points
ID: 40569133
You most certainly will run into issues if you are already logged in and your password has been locked out.

When you sign-in to your machine you get a token from the domain which allows you to access resources and other authentiction points in your domain (web sites, Outlook, network drives etc) without having to enter a password, it uses the token. This is so that you do not have to re-enter your password everytime you access resources.

However, when you access resources on the domain the token is still referenced againts the domain and if your account is locked out then access is denided to the token, and you start to get error messages when accessing resources.

The account has to be locked out for this to have any affect.

Will.
0
 

Author Comment

by:jskfan
ID: 40569142
I thought it will not get locked out unless if I am not logged in..
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 300 total points
ID: 40569215
Nope that is not true. That is the reason why you should not use your account as a service account and making sure that your cached password have been updated to reflect new password changes like on a smart phones using activesync where your password is cached.

Will.
0
 

Author Closing Comment

by:jskfan
ID: 40569222
Thank you Guys!
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question