Sign in with
Sign up | Sign in
Your question

Locked Out Account Unlocks after reboot

Tags:
  • Policy
  • Login
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
December 20, 2004 10:01:07 AM

Archived from groups: microsoft.public.win2000.security (More info?)

I have the account lockout policy set so that only an admin can reset a
locked out account after 5 failed login attempts. This should stay true even
after a reboot but does not. It allows that same user to try to login after
the machine is rebooted. Is there a way to hold this lockout policy even
after the machine has a hard reset?

More about : locked account unlocks reboot

Anonymous
December 20, 2004 1:28:24 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Why are you even using a lockout policy? Account lockouts are
wonderful attack tools: users can denial-of-service themselves out of
their own accounts, attackers can DoS entire domains.

Account lockout is a security best practice hold-over from the old
days. Now, it just creates more work for your admins and expense for
your company. If you're afraid of password-guessing attacks, then your
passwords aren't strong enough. Enable strong passwords and you can
eliminate password lockouts, thus saving yourself money and time and
freeing up your admins to work on more important things.

Steve Riley
steriley@microsoft.com



"an1076" <an1076@discussions.microsoft.com> wrote in message
news:759B67C9-6E50-4DBC-801A-296E264DA8A9@microsoft.com...
>I have the account lockout policy set so that only an admin can reset
>a
> locked out account after 5 failed login attempts. This should stay
> true even
> after a reboot but does not. It allows that same user to try to
> login after
> the machine is rebooted. Is there a way to hold this lockout policy
> even
> after the machine has a hard reset?
>
>
Anonymous
December 20, 2004 1:49:03 PM

Archived from groups: microsoft.public.win2000.security (More info?)

This is for a testing machine in a lab that needs to meet security criteria
to hold classified material. It is a local computer off the network. We are a
small company and there will only be a few users with access to that computer
anyways. So I am using lockout policy due to Department of Defense
requirements. Without this we can not sell classified products.

I have figured out what was happening but still need a solution. After the
5th attempt and the logon screen goes gray there is about a minute before the
account actually gets locked out and the message comes up saying that the
account is locked and that an administrator must unlock it. It was in that
minute that I was ressetting the machine by pressing the power button. Is
there a way to make the lockout immediate or minimize this pause?

Thank you again,
Sean


"Steve Riley [MSFT]" wrote:

> Why are you even using a lockout policy? Account lockouts are
> wonderful attack tools: users can denial-of-service themselves out of
> their own accounts, attackers can DoS entire domains.
>
> Account lockout is a security best practice hold-over from the old
> days. Now, it just creates more work for your admins and expense for
> your company. If you're afraid of password-guessing attacks, then your
> passwords aren't strong enough. Enable strong passwords and you can
> eliminate password lockouts, thus saving yourself money and time and
> freeing up your admins to work on more important things.
>
> Steve Riley
> steriley@microsoft.com
>
>
>
> "an1076" <an1076@discussions.microsoft.com> wrote in message
> news:759B67C9-6E50-4DBC-801A-296E264DA8A9@microsoft.com...
> >I have the account lockout policy set so that only an admin can reset
> >a
> > locked out account after 5 failed login attempts. This should stay
> > true even
> > after a reboot but does not. It allows that same user to try to
> > login after
> > the machine is rebooted. Is there a way to hold this lockout policy
> > even
> > after the machine has a hard reset?
> >
> >
>
>
>
!