PaulDotCom mailing list archives

Interesting finding on locked accounts in ADS


From: vlape at me.com (Vincent Lape)
Date: Mon, 05 Oct 2009 01:15:03 -0700

This is normal, as if the system is not connected to the network it
will not auth to AD. Reconnecting it to the network will not (at least
not on my network) allow access to mapped drives, shared folders and
the like. You can disable cached credentials so the box would need
to check back with the DC for each login attempt.


On Oct 4, 2009, at 10:27 AM, Adrian Crenshaw wrote:

I just found out something interesting by accident. It seems that if
an account is logged in to a box, but the box is locked, you cannot
unlock it with a locked account (too many bad password attempts I
think). However, if you pull the network connection so it has to use
cached credentials it will let you right in, then you can reconnect
the network cable. I'm not sure if it would work if the user was
logged out, but if someone could test and let us know that would be
cool. Seems like an interesting oversight.

Adrian
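
Added example, not part of the thread: a PowerShell audit of the two Winlogon registry values behind the behaviour discussed above, `CachedLogonsCount` (the "Number of previous logons to cache" policy) and `ForceUnlockLogon` (the "Require Domain Controller authentication to unlock workstation" policy). The function name `Get-CachedLogonPosture` and the wording of its findings are assumptions made for illustration.

```powershell
# Added example: report whether this workstation will accept cached
# credentials for logon and for unlock when no domain controller is reachable.
function Get-CachedLogonPosture {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )
    $winlogon = Get-ItemProperty -Path $Path -ErrorAction Stop

    # CachedLogonsCount is stored as a string (REG_SZ); Windows defaults to 10
    # cached logons when the value is absent.
    $cached = 10
    $parsed = 0
    $prop = $winlogon.PSObject.Properties['CachedLogonsCount']
    if ($null -ne $prop) {
        if ([int]::TryParse([string]$prop.Value, [ref]$parsed)) {
            $cached = $parsed
        } else {
            Write-Warning "CachedLogonsCount is not numeric: '$($prop.Value)'"
        }
    }

    # ForceUnlockLogon is a DWORD; 1 means an unlock must be validated by a DC.
    # Absent or 0 means the unlock can be checked against cached credentials.
    $unlockProp = $winlogon.PSObject.Properties['ForceUnlockLogon']
    $forceUnlock = ($null -ne $unlockProp) -and ([int]$unlockProp.Value -eq 1)

    if ($cached -le 0) {
        $finding = 'No logons cached: logon and unlock both need a reachable DC.'
    } elseif ($forceUnlock) {
        $finding = 'Unlock needs a DC; a fresh logon can still use cached credentials offline.'
    } else {
        $finding = 'Unlock and logon can both use cached credentials when no DC is reachable.'
    }

    [pscustomobject]@{
        CachedLogonsCount   = $cached
        OfflineLogonAllowed = ($cached -gt 0)
        UnlockRequiresDC    = $forceUnlock
        Finding             = $finding
    }
}

Get-CachedLogonPosture | Format-List
```

Setting `CachedLogonsCount` to 0 also stops laptops from logging on away from the domain, so `ForceUnlockLogon` is the narrower control for the unlock case described in the thread.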