RE: Account Lockout -- ARGH

From: Jannie Hanekom (j_hanekom_at_hotmail.com)
Date: 08/15/03

    To: <focus-ms@securityfocus.com>
    Date: Fri, 15 Aug 2003 22:25:27 +0100
    
    

    > If it is indeed the TS connection, you can use Terminal Services Manager
    > to track it down and kill the session.

    If you have a lot of servers to go through, using the "qwinsta
    /server:server" and "reset winsta session /server:server" commands MS
    inherited from Citrix might also be useful.

    I also recall an issue some years back with sound drivers locking out
    accounts. I don't think this is still the case in this day and age, but if
    you have an old Compaq PC on the network it might still play a role:
    http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248880

    There are also a number of issues in a distributed environment that can
    cause lockouts, or apparent lockouts. These almost always involve password
    changes in my experience (and apparently in quite a few other people's
    opinion.) I'd scour the event logs on the PDC emulator for the last
    password change for the affected user and work my way from there. As some
    other people have suggested, LogParser
    (http://www.microsoft.com/windows2000/downloads/tools/logparser/default.asp)
    can be really useful for automating that task. You can then use the MS KB
    articles to help you on your way - they're sometimes a bit cryptic, but
    there is a lot of information available in them.

    Wrt determining if a domain user is logged on INTERACTIVELY onto two
    stations at the same time, the only sure way would be to query each
    workstation directly. I'm sure there are various tools available for this;
    one of them is psloggedon by SysInternals
    http://www.sysinternals.com/ntw2k/freeware/pstools.shtml. (This tool might
    also be useful in a TS environment.)

    Hope that's useful to someone.
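
An added example (not part of the original post) of the many-server sweep with qwinsta suggested above: it reads the columns by header offset, because disconnected sessions have a blank SESSIONNAME and a plain whitespace split would put the user name in the wrong field. The server name TS01, the account names and the sample output are constructed; `rwinsta` is the short form of the reset session command.

```python
import subprocess

def parse_qwinsta(text):
    """Parse `qwinsta` output using the header's column offsets, so rows with a
    blank SESSIONNAME (disconnected sessions) are not misread by a whitespace split."""
    lines = [l for l in text.splitlines() if l.strip()]
    if not lines:
        return []
    head = lines[0]
    user_at, id_end = head.index("USERNAME"), head.index("ID") + 2
    sessions = []
    for line in lines[1:]:
        mid = line[user_at:id_end].split()   # [user, id], or [id] when nobody is logged on
        if not mid or not mid[-1].isdigit():
            continue                          # not a session row
        sessions.append({
            "name": line[1:user_at].strip(),  # column 0 holds the '>' current-session marker
            "user": " ".join(mid[:-1]),
            "id": int(mid[-1]),
            "state": (line[id_end:].split() or [""])[0],
        })
    return sessions

def sessions_for(user, text):
    """Sessions held by `user`; a stale one can keep presenting an old password."""
    return [s for s in parse_qwinsta(text) if s["user"].lower() == user.lower()]

def reset_commands(user, server, text):
    """Build (not run) the reset command lines for an operator to review."""
    return [f"rwinsta {s['id']} /server:{server}" for s in sessions_for(user, text)]

def query_server(server):
    """Run qwinsta against one server (Windows only; not exercised by the sample below)."""
    return subprocess.run(["qwinsta", f"/server:{server}"], capture_output=True, text=True).stdout

# Constructed sample laid out in qwinsta's fixed-width columns; all names are made up.
def _row(name, user, sid, state, typ):
    return f" {name:<18}{user:<20}{sid:>7}  {state:<8}{typ}"
SAMPLE = "\n".join([
    _row("SESSIONNAME", "USERNAME", "ID", "STATE", "TYPE"),
    _row("console", "", 0, "Conn", "wdcon"),
    _row("rdp-tcp", "", 65536, "Listen", "rdpwd"),
    _row("rdp-tcp#4", "jsmith", 1, "Active", "rdpwd"),
    _row("", "jsmith", 2, "Disc", "rdpwd"),
    _row("", "backupsvc", 3, "Disc", "rdpwd"),
])

if __name__ == "__main__":
    for cmd in reset_commands("jsmith", "TS01", SAMPLE):
        print(cmd)
```

On a real network, feed `query_server(name)` for each Terminal Server into `reset_commands` and review the printed lines before running any of them.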
