Security Basics mailing list archives

Re: Windows 2000 user login


From: Chuck Swiger <cswiger () mac com>
Date: Thu, 27 Mar 2003 11:38:01 -0500

Wright, Bill wrote:
> I have never posted to this board, so hopefully I'm following the right procedures.

Mostly.  :-)  (Hitting return every 75 characters or so is preferred.)

> My issue is that a user's account keeps getting locked out due to an
> aggressive password policy (30 days) and he claims that he isn't logged
> into multiple machines nor is he fat fingering his password.  Is anybody
> aware of a product to find out where or how many Windows 2000 servers or
> workstations a user is logged into? My thinking is that he's logged into
> multiple machines under an old password that keeps locking him out.

Event viewer on the domain controller should provide detailed records of authentication failures (including from which machine), so you shouldn't have any problem answering your question.

A 30-day reusable password policy strikes me as silly. Why not switch to OPIE, S/Key, biometrics, or some other strong form of authentication? It'd very probably be easier on your users...

--
-Chuck
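
The check suggested in the reply above, tallying a user's authentication failures on the domain controller by originating machine, as an added example that is not part of the original post. It assumes the Security log has been exported to a simplified CSV; the column names, host names and sample rows are constructed, and the event IDs are the Windows 2000-era failure and lockout IDs, which the post does not name.

```python
import csv
import io
from collections import Counter

# Windows 2000-era Security log event IDs (not named in the post):
# 529 bad user name/password, 675 Kerberos pre-auth failed, 681 NTLM logon failed
FAILED_AUTH = {"529", "675", "681"}
LOCKED_OUT = "644"  # user account locked out

# Constructed sample: a simplified CSV export of the DC Security log.
# Column names and host names are hypothetical.
SAMPLE = """time,event_id,account,source
2003-03-27 08:01:10,529,jdoe,WKSTN-114
2003-03-27 08:01:12,681,jdoe,FILESRV-02
2003-03-27 08:01:40,681,jdoe,FILESRV-02
2003-03-27 08:02:05,675,asmith,WKSTN-007
2003-03-27 08:02:11,681,JDOE,FILESRV-02
2003-03-27 08:02:11,644,jdoe,FILESRV-02
2003-03-27 09:15:00,529,jdoe,WKSTN-114
"""

def failure_sources(export_text, account):
    """Return (failures per source machine, machines named in lockout events)."""
    failures, lockouts = Counter(), []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["account"].strip().lower() != account.lower():
            continue  # Windows account names are case-insensitive
        source = row["source"].strip().upper()
        if row["event_id"] in FAILED_AUTH:
            failures[source] += 1
        elif row["event_id"] == LOCKED_OUT:
            lockouts.append(source)
    return failures, lockouts

if __name__ == "__main__":
    failures, lockouts = failure_sources(SAMPLE, "jdoe")
    for machine, count in failures.most_common():
        print(f"{machine}: {count} failed authentications")
    print("lockout triggered from:", ", ".join(lockouts) or "none recorded")
```

A machine that keeps producing failures without anyone sitting at it (a mapped drive, service or scheduled task still holding the old password) shows up at the top of the tally.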

