How do I prevent windows from passing through the current authentication?
From: Greg Dunbar (dunbargr_at_hotmail.com)
Date: 05/29/03
- Next message: Rich Benack [MS]: "Re: Security patchs"
- Previous message: Cranky: "Associate a certificate to a private key on a smartcard"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 May 2003 11:02:58 -0700
When you attempt to connect to a Windows 2000/XP machine from another, which
are not in the same domain, windows attempts to pass the current
authentication before prompting you with the "Enter network password" box.
This is helpful if you have two machines, and create the same account name
and password on each of them.
However... if the account name doesn't exist on the other machine, or the
password is different, windows will still try the current name and password
TEN TIMES before prompting you. (Turn on auditing and check for yourself)
This is causing a problem where users bring in their personal machines, and
use the same account name as the domain here at work but a different
password. This triggers our account lockout policy! So even if they type
the correct password when prompted, they are still locked out.
How can I limit the number of times windows tries to use the current
authentication before prompting?? Or preferably stop windows from trying
the current authentication at all.
TIA
Greg
- Next message: Rich Benack [MS]: "Re: Security patchs"
- Previous message: Cranky: "Associate a certificate to a private key on a smartcard"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
