Solved

Password Lock out

Posted on 2015-01-24
9
314 Views
Last Modified: 2015-01-25
We have users that switch workstations now and then.
Ok if  user1 has used a workstation then he logged off and the user1 username is still sowing up on the log on window. The next user, (user2) will come without paying attention he will type password several times.
** WIll this lock out the previous user (user1) ? I believe the answer is yes.. if he tried many times more than the lock out policy allows.
** but what if a previous user(user1) is already working on another workstation when the user2 was trying several times to login, would still user2 able to lock out user1 ? OR he will not since user1 is already working on another workstation?

Any idea?

Thanks
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 300 total points
ID: 40568683
Does not matter if User1 has logged in somewhere successfully or not. If you have lockout policy enabled anyone can lockout any other account in the domain as long as they know the username.

Some people like to turn this policy off as it can act as a DoS attack on your own domain.

So the answer is yes User2 will lockout User1. This is why you need to make sure that you are not using user accounts as service accounts and anywhere you cache passwords they need to be changed if you reset your passowrd. Some of the places would be...

- smart phones
- network drives
- services
- scheduled tasks
- Outlook clients
etc

Will.
0
 
LVL 3

Assisted Solution

by:kola12
kola12 earned 100 total points
ID: 40568688
If you don't use domain You should use:
1. Click start and in the run/search box type gpedit.msc
2. Navigate to > Computer Configuration > Windows settings > Security Settings > Local Policies > Security Options > "Interactive Logon: Do not display last user name" and enable the policy

If You have domain:
1. Start Group policy management
2. Navigate to > Computer Configuration > Policies > Windows settings > Security Settings > Local Policies > Security Options > "Interactive Logon: Do not display last user name" and tick to define the policy, and set it to enabled.
0
 
LVL 78

Expert Comment

by:arnold
ID: 40568744
user1 will experience issues once the account is locked when trying to access any network resource shares, etc
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Author Comment

by:jskfan
ID: 40568795
kola12

that policy is not enabled in our domain

Arnold

so the Account is locked? if user1 locks his computer and tries to log back again he will get account locked message?
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 100 total points
ID: 40568822
I think the user may encounter an issue because of their account being locked prior to the user walking away.  I am not sure, but I do believe the user will not be allowed to unlock their locked station after the lockout.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 300 total points
ID: 40569133
You most certainly will run into issues if you are already logged in and your password has been locked out.

When you sign-in to your machine you get a token from the domain which allows you to access resources and other authentiction points in your domain (web sites, Outlook, network drives etc) without having to enter a password, it uses the token. This is so that you do not have to re-enter your password everytime you access resources.

However, when you access resources on the domain the token is still referenced againts the domain and if your account is locked out then access is denided to the token, and you start to get error messages when accessing resources.

The account has to be locked out for this to have any affect.

Will.
0
 

Author Comment

by:jskfan
ID: 40569142
I thought it will not get locked out unless if I am not logged in..
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 300 total points
ID: 40569215
Nope that is not true. That is the reason why you should not use your account as a service account and making sure that your cached password have been updated to reflect new password changes like on a smart phones using activesync where your password is cached.

Will.
0
 

Author Closing Comment

by:jskfan
ID: 40569222
Thank you Guys!
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question