Security Basics mailing list archives

Re: Windows 2000 user login


From: Su Wadlow <swadlow () utdallas edu>
Date: Thu, 27 Mar 2003 10:25:46 -0600

--On Wednesday, March 26, 2003 1:16 PM -0500 "Wright, Bill" <bwright () ny whitecase com> wrote:

I have never posted to this board, so hopefully I'm following the
right procedures.  My issue is that a user's account keeps getting
locked out due to an aggressive password policy (30 days) and he
claims that he isn't logged into multiple machines nor is he fat
fingering his password.  Is anybody aware of a product to find out
where or how many Windows 2000 servers or workstations a user is
logged into?  My thinking is that he's logged into multiple machines
under an old password that keeps locking him out.

I personally don't know of ways to determine the number or location(s)
of workstation(s) a user is logged in to, but here are other issues
that could be causing the account lockout on just the one workstation:

* A service that runs in the user's context instead of the SYSTEM
 context and that occasionally has to communicate with a domain
 server.
* Specialty software that has to store the user's password and that
 communicates with a domain server and somehow passes that password
 to the server.
* If you're using Exchange and the user has the mailbox open in
 Outlook when he changes his password, Outlook will still touch the
 Exchange server with the old password (like at mail checks).  If the
 user just locks his workstation and doesn't log out, the account will
 keep getting locked out.
* Persistent network drive mappings can sometimes retain knowledge of
 an old password.

--
Su Wadlow
swadlow () utdallas edu
Faculty/Staff Support
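
Added example, not part of the original message: a PowerShell check for two of the causes listed above, services that log on as the user and persistent drive mappings with a stored user name. It assumes PowerShell 3.0 or later run on the affected workstation in the affected user's session; the function name and the account 'EXAMPLE\jdoe' are constructed for illustration.

```powershell
# Added example. The HKCU check only sees the mappings of the user running it.
function Find-StaleCredentialCandidates {
    param(
        [Parameter(Mandatory)] [string] $Account   # e.g. 'EXAMPLE\jdoe' (constructed)
    )

    # Reduce DOMAIN\user or user@domain to the bare user name for matching.
    $user = ($Account -split '\\')[-1]
    $user = ($user -split '@')[0]
    # Matches 'jdoe', '.\jdoe', 'EXAMPLE\jdoe' and 'jdoe@example.com'.
    $pattern = '(^|\\)' + [regex]::Escape($user) + '(@|$)'

    # Services whose logon account is the user instead of the SYSTEM context.
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartName -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Kind   = 'Service'
                Name   = $_.Name
                Detail = "runs as $($_.StartName), start mode $($_.StartMode), state $($_.State)"
            }
        }

    # Persistent drive mappings are stored per user under HKCU:\Network\<drive letter>.
    $mappings = @()
    if (Test-Path 'HKCU:\Network') {
        $mappings = Get-ChildItem 'HKCU:\Network' | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                Kind   = 'PersistentMapping'
                Name   = "$($_.PSChildName):"
                Detail = "$($p.RemotePath) as '$($p.UserName)'"
            }
        }
    }

    @($services) + @($mappings)
}

Find-StaleCredentialCandidates -Account 'EXAMPLE\jdoe' | Format-Table -AutoSize
```

Any service listed needs its stored password updated after a password change, and any mapping with a non-empty user name is worth removing and re-creating.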
