PaulDotCom mailing list archives

Interesting finding on locked accounts in ADS


From: Russell.Butturini at Healthways.com (Butturini, Russell)
Date: Mon, 5 Oct 2009 08:17:01 -0500

This works fine if the user was locked out... Props for figuring out one
of my favorite Windows admin tricks!

________________________________

From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Adrian
Crenshaw
Sent: Sunday, October 04, 2009 12:28 PM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Interesting finding on locked accounts in ADS

I just found out something interesting by accident. It seems that if an
account is logged in to a box, but the box is locked, you cannot unlock
it with a locked account (too many bad password attempts, I think).
However, if you pull the network connection so it has to use cached
credentials, it will let you right in; then you can reconnect the network
cable. I'm not sure if it would work if the user was logged out, but if
someone could test and let us know, that would be cool. Seems like an
interesting oversight.

Adrian

