![]() Outlook and Outlook Web Access If you are using email clients to access mail stored on an Exchange server, and the client has cached the password for the account, the multiple attempts made to access the user's mail could result in a locked-out account.ĭisconnected terminal-server sessions Terminal-server sessions from which a user has disconnected will remain running on the server. Persistent drive mappings If a user has a persistent drive mapping, and that mapping has an incorrect or old password, the account associated with the mapped drive could become locked as the user attempts to access it. Most of the common account-lockout problems can be resolved by installing the latest service pack from Microsoft. Cached credentials or mapped drives that attempt to connect with invalid credentials could also cause lockouts if this setting is too low.ĭomain controllers are instructed to deny the last two passwords that a user has used if these two passwords are entered, they will not increment the bad-password count. If this setting is too low, you could cause a false lockout as programs attempt to access resources. Reset Account Lockout Counter After setting You should consider keeping this setting at the default level of 30 minutes or higher. If the user changes her or his password but the program still has the credentials cached, the user's account could become locked by the program trying to authenticate. Programs Several programs store a user's credentials so that the program can access resources that it requires. The most common causes of account lockouts are discussed here: Another potential problem occurs if you have the settings too restrictive and you do not reset the bad-password count when users authenticate they could become locked out of their accounts because of scripts that map drives because the scripts have the wrong password associated with them. ![]() ![]() If they are not restrictive enough, you potentially open up a security hole that will allow accounts to be attacked. If the settings are too restrictive, users will lock themselves out by mistyping their passwords. Having the ability to lock out accounts when they are being attacked is a great security feature however, this policy can cause some headaches. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |