Re: User Notification of Failed Logins and Controlling Concurrent Sess



Don, while there are some utilities that can help you with #2 (including a Resource Kit tool called CConnect), the architecture of SMB networking is such that it's generally not practical to do this. Remember, users can still use domain resources without logging on. They can power up a PC without a network connection, then connect to the network, and directly access resources. If the computer isn't domain-joined, then Windows will prompt them for a user ID and password--which is used to authenticate directly to the destination resource.

Please help me understand what potential security risks you are looking to address with your two requirements. And for #1, how would this information be useful to a user? What action could they take with this knowledge, other than perhaps to be afraid of things they really can't control?

--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"Don Catanzaro" <Don Catanzaro@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:41DF6FA5-FF82-4D96-9A46-DBA29D26082C@xxxxxxxxxxxxxxxx
I have been searching for a soultion that has been vexxing my Security
program. I work for a large company (+10,000 employees) who utilize Windows
XP on Desktops and we are in the process of moving from Server 2000 to 2003.
I'm looking for a way to do two things within our enviornment:

1) Notify Users upon login how many failed attempts there has been since
their last successful attempt and ;
2) Limit specific users to only one concurrent session.

I haven't really found a good solution for this. Because of the size of the
company, any user can log into any of a 100 DCs and this complicates finding
practical solutions for both of these items.

Thanks in advance for any ideas you folks might have.

.



Relevant Pages

  • Re: [opensuse] fstab: umount as user
    ... Network Operating System concepts.... ... accounts and their settings exist on the ... Secondly, one single mount point for all users is just bad, it won't work. ... If A is member of group 2 they can use resource VI when they log in... ...
    (SuSE)
  • RE: What is an auto-printer?
    ... Windows XP uses Net Crawler to monitor shared resources on the ... network to make it easier to connect to a shared resource. ... or a folder that has just been shared. ... When Windows XP finds a newly-shared resource, it adds an icon for the ...
    (microsoft.public.windows.server.sbs)
  • Re: map network resource out of domain
    ... I want to map a network drive. ... But the shared resource is on a server ... But now the network resource can not be found.... ...
    (microsoft.public.windows.server.networking)
  • Re: Failover Clustering Virtual IP Address
    ... When you install a SQL2000 instance in a cluster, the disk resource ... resource and the network name that your instance will use. ... for the SQL instance to use. ...
    (microsoft.public.sqlserver.clustering)
  • Re: Accessing Cluster Disks from a WEB Application
    ... Dimitris solved his problem by enabling Kerberos but I do not fully ... Windows 2000 introduced Kerberos enabling in Network names with SP3... ... > resource that the share resource is dependent on. ... > 2) This network name is different than the cluster name. ...
    (microsoft.public.windows.server.clustering)