Re: Is it really true that NTFS is secure?

From: B. Goodman (no@spam.org)
Date: 12/16/02 

From: B. Goodman <no@spam.org>
Date: Mon, 16 Dec 2002 10:44:37 -0500

In article <u5dL92toCHA.1888@TK2MSFTNGP09>, hesterloli@hotmail.com
says...
> "Lock Forever" How? I see it in minutes. Forever is quite a few =
> minutes. This also looks like lockout will be true for all Accounts.
>
> OK the rest of what you suggested I am in the process of doing or have =
> done. Your first suggestion has me scrattching my head. Not sure other =
> then in Group Policy what you are suggesting as I cannot find this =
> lockout policy that is specific to an account nor the "forever" idea.
>
> --=20
> George Hester
> __________________________________
> "B. Goodman" <no@spam.org> wrote in message =
> news:MPG.1863b75bd793e1759896d2@msnews.microsoft.com...
> > In article <ufXDRfmoCHA.2424@TK2MSFTNGP12>, hesterloli@hotmail.com=20
> > says...
> > > Please understand that my machine comes up empty handed on all AV =
> scans =3D
> > > and trojans. I need to find some way of watching when this Group =
> Policy =3D
> > > change happens. Like a log. That tells me the time that it happend =
> or =3D
> > > the responsible party. It doesn't show in Event Viewer.
> > >=20
> > > You know I ran a server W2K prior to this and never had this issue. =
> =3D
> > > Started on Prof full time now and I am battling security it seems =
> every =3D
> > > hour.
> > >=20
> > > --=3D20
> > > George Hester
> > > __________________________________
> > > "George Hester" <hesterloli@hotmail.com> wrote in message =3D
> > > news:OwrkSZmoCHA.2424@TK2MSFTNGP12...
> > > Yes you may be able to help me with something. My Guerst user keeps =
> =3D
> > > getting enabled and put in the Administrator group. How?
> > >=20
> > > --=3D20
> > > George Hester
> > > __________________________________
> > > "Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message =
> =3D
> > > news:eleuHGkoCHA.1628@TK2MSFTNGP12...
> > > > Do you have a problem we could help you with? Are there more =
> details?
> > > >=3D20
> > > > What does this code have to do with NTFS? I'm sorry if your =
> machine =3D
> > > was
If you set the lockout minutes to "0", notice that the caption changes
from "Account is locked out for:" to "Account is locked out until an
administrator unlocks it." This is not an account-specific setting, as
you correctly surmised.

If your audit logs aren't showing anything, this is surely a curious
matter. Especially if you enable Success and Failure audits of "account
logon events", "account management", "logon events", "policy change",
and "privilege use".

As others here have said, I cannot believe that Windows is doing this
itself. The one thing I might test is trying to log in using the guest
account and the 14-character password I suggested you put on the guest
account. IF Windows itself, though a bug, is taking these actions, I
would still find it amazingly unlikely that it would ever CHANGE THE
PASSWORD on the account by itself. So, if the 14-character password
does NOT still work, I'd say that you MUST have a malware program on
your system. If it does still work, then you may have additional time
to solve your problem since it is unlikely somebody would guess your 14-
character password (assuming you make it VERY tough and that the malware
program, if it exists, is not capturing keystrokes).

Good luck.

Relevant Pages

  • Re: SBS 08, Event ID 2436 Windows SharePoint Services 3 Search
    ... the authentication way is set as Basic or the service account ... Suggestion 1: Disable the loopback check as below KB article. ... Windows SharePoint Services Search ... My logs show SQL ...
    (microsoft.public.windows.server.sbs)
  • Re: 3x Branch Office - Only 1 Domain
    ... suggestion. ... Regards ... > Mike E. wrote: ... >> identity and at present we are using POP, I have the POP account ...
    (microsoft.public.windows.server.sbs)
  • Re: error # 0x800a0046
    ... # The user logon account belongs to the Guests or Limited account groups. ... # The security descriptor does not let authenticated users run Windows ... Resolution Suggestion One: ... Please change your Internet Explorer security settings ...
    (microsoft.public.windowsupdate)
  • Re: Repeated Account lookout!
    ... To help try and track down where the account is getting locked out use ... Use the built in search AccountLockouts and search in the ... Paul Bergson ... Any suggestion to capture the source which is sending the BAD password is ...
    (microsoft.public.windows.server.active_directory)
  • Re: Is it really true that NTFS is secure?
    ... This also looks like lockout will be true for all Accounts. ... Your first suggestion has me scrattching my head. ... >> lockout policy that is specific to an account nor the "forever" idea. ...
    (microsoft.public.security)
Quantcast