RE: Windows 2000 user login
From: Robinson, Sonja (SRobinson@HIPUSA.com)
Date: 03/27/03
- Previous message: Bruyere, Michel: "bandwidth monitoring for baystacks"
- Maybe in reply to: Wright, Bill: "Windows 2000 user login"
- Next in thread: nightowlcat@hushmail.com: "Re: Windows 2000 user login"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Robinson, Sonja" <SRobinson@HIPUSA.com> To: "'Wright, Bill '" <bwright@ny.whitecase.com>, "'security-basics@securityfocus.com '" <security-basics@securityfocus.com> Date: Thu, 27 Mar 2003 15:07:49 -0500
Dump your PDC logs using DumpEVT or similar. Search the log files for the
users user name or by the MS Security Event Code. This will give you all of
the computer names that his account is trying to be accessed from. So in
other words you will locate HIS true machine, plus any machine that may have
a script under his account or if someone is trying to brute force his
account, etc. Your password policy of 30 days is fine and is not the cause.
Most likely it is user disfunction or their is a script/batch file/process
trying to use the account and he forgot about it- which still applies to
user disfunction.
-----Original Message-----
From: Wright, Bill
To: security-basics@securityfocus.com
Sent: 3/26/2003 1:16 PM
Subject: Windows 2000 user login
I have never posted to this board, so hopefully I'm following the right
procedures. My issue is that a user's account keeps getting locked out
due to an aggressive password policy (30 days) and he claims that he
isn't logged into multiple machines nor is he fat fingering his
password. Is anybody aware of a product to find out where or how many
Windows 2000 servers or workstations a user is logged into? My thinking
is that he's logged into multiple machines under an old password that
keeps locking him out.
Thanks,
Bill
-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1
**********************************************************************
This message is a PRIVILEGED AND CONFIDENTIAL communication, and is intended only for the individual(s) named herein or others specifically authorized to receive the communication. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender of the error immediately, do not read or use the communication in any manner, destroy all copies, and delete it from your system if the communication was sent via email.
**********************************************************************
-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1
- Previous message: Bruyere, Michel: "bandwidth monitoring for baystacks"
- Maybe in reply to: Wright, Bill: "Windows 2000 user login"
- Next in thread: nightowlcat@hushmail.com: "Re: Windows 2000 user login"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
