Re: bad logon attempts against the Unlock dialog box don't count

From: Umit AKKUS [MSFT] (umita_at_online.microsoft.com)
Date: 05/27/04


Date: Thu, 27 May 2004 11:26:29 -0700

Are you trying to unlock the machine with a different user than who has
locked the machine? If so, then the behavior is expected. Otherwise I'm
unable to reproduce the problem (on XP in WS03 domain) you're talking about
below. Can you please send precise steps to reproduce the problem?

Thanks

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Umit AKKUS [MSFT]
"JuanMedia" <juanmedia@eresmas.com> wrote in message 
news:15F8CB59-CF39-4474-A3E1-CA4EDA5FCA6A@microsoft.com...
> Hi all,
> I have a quite weird question to ask about the lock user lockout account 
> threshold. We have found in the Windows NT, 2K and XP documentation at the 
> Technet; and also at the msdn websites, this note:
> "Note: Bad logon attempts to a workstation against a password-protected 
> screen saver don't increase the lockout threshold. Similarly, if you lock 
> a server or workstation using Ctrl+Alt+Delete, bad logon attempts against 
> the Unlock dialog box don't count."
> ...but, oh surprise!, we have tested this against three different domains 
> (including an old WNT), and the behaviour is exactly the opposite, all 
> failed password attempts count as failed logon. In my opinion this is the 
> correct way to do the unlocking of a workstation, because if not, it would 
> be a high security risk for the users' passwords, obviously. The curious 
> thing is that we have found the above note in several places, but we are 
> not capable of reproducing that behaviour. In all of our tests we always 
> get the user account locked.
> Do you know if this is a documentation "mistake"?
> If not, does someone know how to configure the AD or users' workstations, 
> to achieve the behaviour the above note says?
>
> The note above is at the Technet here (for XP): 
> http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/08w2kada.mspx
> The msdn note is here: 
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/507.asp
>
> Thank you very much.

