Users can log on after account is locked out
in [Windows Servers]
|
From: pete0085 on 25 Jun 2010 12:45 I am having problems figuring this out. If a user enters the wrong password 3 times, they are locked out and displays a message. If they enter the correct password the next time, it allows them to log on to the computer, but their account is locked out and have no access to the network. Why does it allow them to do this? Should it not display a message you are locked out and not allow you to log on at all? The DC is Windows 2003 standard and all of the workstations are XP Prof. Thanks.
From: Meinolf Weber [MVP-DS] on 26 Jun 2010 05:44 Hello pete0085, How are the GPO settings configured in the policy on domain level for account lockout, please post them here? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > I am having problems figuring this out. > > If a user enters the wrong password 3 times, they are locked out and > displays a message. If they enter the correct password the next time, > it allows them to log on to the computer, but their account is locked > out and have no access to the network. > > Why does it allow them to do this? Should it not display a message > you are locked out and not allow you to log on at all? > > The DC is Windows 2003 standard and all of the workstations are XP > Prof. > > Thanks. >
From: pete0085 on 28 Jun 2010 15:27 Account lockout duration: 0 Account lockout threshold: 3 Reset Account Lockout: 30 minutes The thing that concerns me is you are allowed to access the computer even if you don't have access to outlook or any shared network resources. The account will be locked out, but don't believe they should be able to sucessfully logon to windows even if they enter the correct password the 4th attempt. "Meinolf Weber [MVP-DS]" wrote: > Hello pete0085, > > How are the GPO settings configured in the policy on domain level for account > lockout, please post them here? > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > I am having problems figuring this out. > > > > If a user enters the wrong password 3 times, they are locked out and > > displays a message. If they enter the correct password the next time, > > it allows them to log on to the computer, but their account is locked > > out and have no access to the network. > > > > Why does it allow them to do this? Should it not display a message > > you are locked out and not allow you to log on at all? > > > > The DC is Windows 2003 standard and all of the workstations are XP > > Prof. > > > > Thanks. > > > > > . >
From: Meinolf Weber [MVP-DS] on 29 Jun 2010 01:58 Hello pete0085, When using the "Account lockout threshold" you have also to define the "Account lockout duration", it must be greater than or equal to the "Reset Account lockout counter after" time. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Account lockout duration: 0 > > Account lockout threshold: 3 > > Reset Account Lockout: 30 minutes > > The thing that concerns me is you are allowed to access the computer > even if you don't have access to outlook or any shared network > resources. The account will be locked out, but don't believe they > should be able to sucessfully logon to windows even if they enter the > correct password the 4th attempt. > > "Meinolf Weber [MVP-DS]" wrote: > >> Hello pete0085, >> >> How are the GPO settings configured in the policy on domain level for >> account lockout, please post them here? >> >> Best regards >> >> Meinolf Weber >> Disclaimer: This posting is provided "AS IS" with no warranties, and >> confers >> no rights. >> ** Please do NOT email, only reply to Newsgroups >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>> I am having problems figuring this out. >>> >>> If a user enters the wrong password 3 times, they are locked out and >>> displays a message. If they enter the correct password the next >>> time, it allows them to log on to the computer, but their account is >>> locked out and have no access to the network. >>> >>> Why does it allow them to do this? Should it not display a message >>> you are locked out and not allow you to log on at all? >>> >>> The DC is Windows 2003 standard and all of the workstations are XP >>> Prof. >>> >>> Thanks. >>> >> . >>
|
Pages: 1 Prev: Simple NTFS task, can't figure it out!? Next: Move TS CAL from one server to another |