Re: IUSR lockout

From: S. Pidgorny [MVP] (slavickp_at_yahoo.com)
Date: 08/08/03

Next message: Larry: "unblock"
Previous message: YoKenny: "Re: What are these registry entries?"
In reply to: TwistedPair: "IUSR lockout"
Next in thread: TwistedPair: "Re: IUSR lockout"
Reply: TwistedPair: "Re: IUSR lockout"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 8 Aug 2003 17:21:54 +1000

Let me think... I haven't tried this:

Set account lockout policy to lock an account out after 3 unsuccessful logon
attempts
Make test a virtual directory on the web server (remember: IUSR doesn't have
access to the directory)
Access http://yourserver/test. Authentication dialog will pop up.

Put IUSR_yourserver as the name and rubbish as the password 3 times.

This will probably lock IUSR out. Rename IUSR account and don't disclose it;
use SSL certificate authentication instead.

-- 
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-
"TwistedPair" <twistedpair@mail.com> wrote in message
news:#Q3aeQWXDHA.1900@TK2MSFTNGP10.phx.gbl...
> All,
> I tried to repeat a problem I was able to get to work before, but I am not
> having any luck.  I thought I was able to create a DOS on a web server by
> locking out the IUSR account at one point.  However, when I lock it out
now,
> I can't seem to get it to cause a DOS.  The links and everything else
seems
> to behave normally even after locking out that account.  Any thoughts on
> what I may be doing wrong?
> FYI, to do this, I created a test directory, and a user named test.  For
the
> test directory, I allowed only the test user, administrators, and system
to
> have access to that folder.  IIS was set to Integrated Auth, and Allow
Anon
> access.  I thought I was able to demonstrate this problem before, but for
> some reason I can't get it to work now.  Thoughts?
>
> Thanks,
> Pair
>
>

Next message: Larry: "unblock"
Previous message: YoKenny: "Re: What are these registry entries?"
In reply to: TwistedPair: "IUSR lockout"
Next in thread: TwistedPair: "Re: IUSR lockout"
Reply: TwistedPair: "Re: IUSR lockout"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Connection.IsolationLevel = adXactSerializable and timeout
... Yup, I expect a Counton a non PK column can result in a table lock, but ... let's say we have a table named Account: ... > So I create a transaction and wrap the SELECT and INSERT inside it. ... >> get the server to answer that a connection is available. ...
(microsoft.public.data.ado)
Re: Connection.IsolationLevel = adXactSerializable and timeout
... let's say we have a table named Account: ... So I create a transaction and wrap the SELECT and INSERT inside it. ... Doesn't INSERT automatically create a table lock? ... > get the server to answer that a connection is available. ...
(microsoft.public.data.ado)
RE: Logon fails on first attempt
... RE Crumbs and Dust: I don't think that this is the issue. ... If I lock the computer, and attempt to unlock the computer, the first time I ... You may think the pointer is active inside the textbox and you type the ... What happen if you created another account and use a password for it, ...
(microsoft.public.windowsxp.general)
Re: Different ways of locking accounts
... Roberto C. Sanchez wrote: ... User accounts may be locked and unlocked with the -l and -u ... account by changing the password back to its previous value. ... -L Lock a user's password. ...
(Debian-User)
Re: Lock Out a User in Win XP home?
... > lock feature of XP is generally useless. ... I do not want to delete the account and probably lose all it's ... > restricted users that can be managed by an admin user ... ...
(microsoft.public.windowsxp.security_admin)