Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Windows 2000 user login

From: "dave" <dave () netmedic net>
Date: Sat, 29 Mar 2003 14:12:19 -0500
Ok you guys can Start making fun of me any time you want.... 
You do not want/need the -n in the end there  :o(



-----Original Message-----
From: dave [mailto:dave () netmedic net] 
Sent: Friday, March 28, 2003 14:01
To: 'Su Wadlow'; security-basics () securityfocus com; bwright () ny whitecase com
Subject: RE: Windows 2000 user login

Instead of buying something, might you try:

Nbtstat -A 192.168.0.0 -n

Sub your IP address of course.

Now you could write a batch to do all in one shot something like 

Nbtstat -A 192.168.0.0 -n > whoislogon.txt
Nbtstat -A 192.168.0.1 -n >> whoislogon.txt
Nbtstat -A 192.168.0.2 -n >> whoislogon.txt
Nbtstat -A 192.168.0.3 -n >> whoislogon.txt
Nbtstat -A 192.168.0.4 -n >> whoislogon.txt
Notepad.exe whoislogon.exe


This would list all your IP's and who was logged on them.



Dave


 
_____________________
Dave Kleiman
dave () netmedic net
www.netmedic.net

 

-----Original Message-----
From: Su Wadlow [mailto:swadlow () utdallas edu] 
Sent: Thursday, March 27, 2003 11:26
To: security-basics () securityfocus com
Subject: Re: Windows 2000 user login

--On Wednesday, March 26, 2003 1:16 PM -0500 "Wright, Bill" 
<bwright () ny whitecase com> wrote:


I have never posted to this board, so hopefully I'm following the
right procedures.  My issue is that a user's account keeps getting
locked out due to an aggressive password policy (30 days) and he
claims that he isn't logged into multiple machines nor is he fat
fingering his password.  Is anybody aware of a product to find out
where or how many Windows 2000 servers or workstations a user is
logged into?  My thinking is that he's logged into multiple machines
under an old password that keeps locking him out.


I personally don't know of ways to determine the number or location(s)
of workstation(s) a user is logged in to, but here are other issues
that could be causing the account lockout on just the one workstation:

* A service that runs in the user's context instead of the SYSTEM
  context and that occasionally has to communicate with a domain
  server.
* Specialty software that has to store the user's password and that
  communicates with a domain server and somehow passes that password
  to the server.
* If you're using Exchange and the user has the mailbox open in
  Outlook when he changes his password, Outlook will still touch the
  Exchange server with the old password (like at mail checks).  If the
  user just locks his workstation and doesn't log out, the account will
  keep getting locked out.
* Persistant network drive mappings can sometimes retain knowledge of
  an old password.

-- 
Su Wadlow
swadlow () utdallas edu
Faculty/Staff Support

-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1





-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1





-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1
Previous By Date Next
Previous By Thread Next

Current thread: