User account security in domain environment

Archived from groups: microsoft.public.win2000.security (More info?)

Hi everyone

I've got a questions, I hope that someone could provide an answer.

Q:
A service runs under a domain user account.
The user account gets locked, but the service is still running.
The service performs file access to various files on the network on a
variety on Windows based servers with NTFS permissions.

Will the service (which is still running) be denied access to files after
some time due to the account lockout status ?

Thanks
1 answer Last reply
More about user account security domain environment
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    If the service is connected to remote computers at the time the account is
    locked out it can stay connected for a period of time. The time will depend
    on how much time is left in the session ticket I believe. The service will
    not be able to make "new" connections to remote computers because
    authentication will fail. Account lockout may not be a good idea in your
    case if you use domain accounts for services. If you enforce complex
    passwords in your domain with a password length of say eight characters,
    have a properly configured firewall, and a good policy to prevent malware
    , account lockout may be of less value for you and a
    possible DOS situation. --- Steve


    "Liran Zamir" <LiranZamir@discussions.microsoft.com> wrote in message
    news:4E4DA48D-0FB6-4843-AEFF-B384FE22DAE6@microsoft.com...
    > Hi everyone
    >
    > I've got a questions, I hope that someone could provide an answer.
    >
    > Q:
    > A service runs under a domain user account.
    > The user account gets locked, but the service is still running.
    > The service performs file access to various files on the network on a
    > variety on Windows based servers with NTFS permissions.
    >
    > Will the service (which is still running) be denied access to files after
    > some time due to the account lockout status ?
    >
    > Thanks
    >
Ask a new question

Read More

Security Domain Windows