Re: Welcome Logon Screen locks out accounts

From: Eric Fitzgerald [MS] (ericf@online.microsoft.com)
Date: 06/24/02 

From: "Eric Fitzgerald [MS]" <ericf@online.microsoft.com>
Date: Mon, 24 Jun 2002 12:07:32 -0700

This behavior will be improved in Service Pack 1.

Also, consider a lockout count of 15-25 tries. Statistically it won't make
much difference than using a lockout count of 3 or 5, and it avoids all
sorts of unpleasant side effects. 

--
Eric Fitzgerald
Program Manager, Windows Auditing and Intrusion Detection
Microsoft Corporation
"Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
news:#zf#bzOGCHA.2448@tkmsftngp10...
> You have set the lockout tolerances too low.
> The Welcome screen attempts to log in to all accounts
> that it is displaying with a blank password in order to
> know whether it needs to prompt for a password.
> This generates the failed login events in security log.
>
> If you set the tolerances to something more like 4 or 5
> failed attempts or to reset the count in something like
> 30 minutes your accounts will not lock out.  OTOH, use
> of a setting like 3 attempts in 90 minutes will cause
> lockout.
>
> --
> Roger Abell
> MS MVP (Windows Platform), MCSE, MCDBA
> Associate Expert - Windows XP ExpertZone
> http://www.microsoft.com/windowsxp/expertzone
>
> "Daniel W. Seekins" <aids.md@gte.net> wrote in message
> news:O#CGl6NGCHA.2700@tkmsftngp10...
> > I am using the Welcome logon screen on my XP Pro system.  A while back,
I
> > had a hacker try to logon via the internet, so along with turning off
all
> > incoming internet access, I limited the number of tries a user can miss
> the
> > password before the account is locked out using security policies.  I
also
> > started logging security violations for logons.  I find that every time
I
> > log onto any of the accounts it does a logon failure for all the other
> > accounts listed on the welcome screen (but not the hidden or system
> > accounts).  If you log on to one account too often, the others get
locked
> > out as "bad password."  Anyone else seen this or reproduced it?  Anyone
> know
> > what to do other than abandon theWelcome screen or security precautions?
> > Could this be some kind of virus?
> >
> >
>
>

Relevant Pages

  • Re: Event 529 and 681
    ... Microsoft MVP (Windows Security) ... > The accounts never exists in these groupings. ... > "Roger Abell" wrote in message ... >>> Logon Failure: ...
    (microsoft.public.win2000.security)
  • Re: Unrecognized user accounts in Policy editor
    ... I have concerns about possible security issues. ... Deny logon through teminal svcs.; ... from accounts that you have deleted. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Masses of 529 Errors!
    ... I posted here because it looked like a security issue to me. ... correlation b/ween connection attempts and the failed logon attempt. ... Then what I do is timed account ... You can leave the default which will lockout the user until ...
    (microsoft.public.security)
  • Re: Welcome Logon Screen locks out accounts
    ... > This generates the failed login events in security log. ... > 30 minutes your accounts will not lock out. ... >> I am using the Welcome logon screen on my XP Pro system. ... >> password before the account is locked out using security policies. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Welcome Logon Screen locks out accounts
    ... >> The Welcome screen attempts to log in to all accounts ... >> This generates the failed login events in security log. ... >>> I am using the Welcome logon screen on my XP Pro system. ... >>> password before the account is locked out using security policies. ...
    (microsoft.public.windowsxp.security_admin)