Account locking vs. logon types

Home | NewsGroups | Search | About

microsoft.public.windows.server.security

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

Subject

Author

Date

Account locking vs. logon types

Ondrej Sevecek

01-02-2006

Re: Account locking vs. logon types

Steven L Umbach

01-03-2006

Re: Account locking vs. logon types

Ondrej Sevecek

01-04-2006

Re: Account locking vs. logon types

Steven L Umbach

01-04-2006

Re: Account locking vs. logon types

Paul Adare

01-05-2006

Re: Account locking vs. logon types

Steven L Umbach

01-05-2006

Re: Account locking vs. logon types

Ondrej Sevecek

01-07-2006

Posted by Ondrej Sevecek on January 2, 2006, 8:03 am

Please log in for more thread options

Hello,

exactly what kinds of logon locks user accounts if required? I mean the
logon types such as "Interactive", "network", "networkcleartext", "unlock"
etc.

O.

Posted by Steven L Umbach on January 3, 2006, 12:50 pm

Please log in for more thread options

I believe you can only lock an interactive logon and a Terminal Service/RDP
connection to prevent another user accessing the keyboard as you. The link
below may help if you are looking for more information on the logon
pes. --- Steve

http://www.windowsecurity.com/articles/Logon-Types.html

"Ondrej Sevecek" <ondra at my_surname dot com> wrote in message

> Hello,

> exactly what kinds of logon locks user accounts if required? I mean the

> logon types such as "Interactive", "network", "networkcleartext", "unlock"

> etc.

> O.

Posted by Ondrej Sevecek on January 4, 2006, 3:47 am

Please log in for more thread options

yes. I also found the article. I asked the question because I wanted to find
some kinds of logon activity possibly vulnerable to password guessing
attacks.

- IIS/HTTP basic/windows authentication
- IIS/FTP basic authentication
- IIS/Exchange SMTP authentication

all of these as I suppose use "networkcleartext" logon type and so would be
without the locking features. is it right?

O.

>I believe you can only lock an interactive logon and a Terminal Service/RDP

>connection to prevent another user accessing the keyboard as you. The link

>below may help if you are looking for more information on the logon

>s. --- Steve

> http://www.windowsecurity.com/articles/Logon-Types.html

> "Ondrej Sevecek" <ondra at my_surname dot com> wrote in message

>> Hello,

>> exactly what kinds of logon locks user accounts if required? I mean the

>> logon types such as "Interactive", "network", "networkcleartext",

>> "unlock" etc.

>> O.

Posted by Steven L Umbach on January 4, 2006, 4:12 pm

Please log in for more thread options

I am not sure offhand about IIS/Exchange SMTP authentication but basic
authentication does pass the traffic over the network in clear text. However
if the connection is using SSL or ipsec then the password would be secure in
the SSL or ipsec tunnel. Digest authentication also poses a vulnerability in
that the user's password must be stored using reversible encryption. Locking
a computer only prevents unauthorized access to the logged on session via
the keyboard. Locking the keyboard in no may mitigates the risk of using
basic authentication while using SSL or ipsec will. --- Steve

"Ondrej Sevecek" <ondra at my_surname dot com> wrote in message

> yes. I also found the article. I asked the question because I wanted to

> find some kinds of logon activity possibly vulnerable to password guessing

> attacks.

> - IIS/HTTP basic/windows authentication

> - IIS/FTP basic authentication

> - IIS/Exchange SMTP authentication

> all of these as I suppose use "networkcleartext" logon type and so would

> be without the locking features. is it right?

> O.

>>I believe you can only lock an interactive logon and a Terminal

>>Service/RDP connection to prevent another user accessing the keyboard as

>>you. The link below may help if you are looking for more information on

>>the logon s. --- Steve

>> http://www.windowsecurity.com/articles/Logon-Types.html

>> "Ondrej Sevecek" <ondra at my_surname dot com> wrote in message

>>> Hello,

>>>

>>> exactly what kinds of logon locks user accounts if required? I mean the

>>> logon types such as "Interactive", "network", "networkcleartext",

>>> "unlock" etc.

>>>

>>> O.

>>>

Posted by Paul Adare on January 5, 2006, 5:28 am

Please log in for more thread options

microsoft.public.windows.server.security news group, Steven L Umbach

> I am not sure offhand about IIS/Exchange SMTP authentication but basic

> authentication does pass the traffic over the network in clear text. However

> if the connection is using SSL or ipsec then the password would be secure in

> the SSL or ipsec tunnel. Digest authentication also poses a vulnerability in

> that the user's password must be stored using reversible encryption. Locking

> a computer only prevents unauthorized access to the logged on session via

> the keyboard. Locking the keyboard in no may mitigates the risk of using

> basic authentication while using SSL or ipsec will. --- Steve

He's asking given x number of bad password attempts what type of logons
will cause an account to be locked out. He's not referring to locking a
workstation.

> "Ondrej Sevecek" <ondra at my_surname dot com> wrote in message

> > yes. I also found the article. I asked the question because I wanted to

> > find some kinds of logon activity possibly vulnerable to password guessing

> > attacks.

> >

> > - IIS/HTTP basic/windows authentication

> > - IIS/FTP basic authentication

> > - IIS/Exchange SMTP authentication

> >

> > all of these as I suppose use "networkcleartext" logon type and so would

> > be without the locking features. is it right?

> >

> > O.

> >

> >>I believe you can only lock an interactive logon and a Terminal

> >>Service/RDP connection to prevent another user accessing the keyboard as

> >>you. The link below may help if you are looking for more information on

> >>the logon s. --- Steve

> >>

> >> http://www.windowsecurity.com/articles/Logon-Types.html

> >>

> >> "Ondrej Sevecek" <ondra at my_surname dot com> wrote in message

> >>> Hello,

> >>>

> >>> exactly what kinds of logon locks user accounts if required? I mean the

> >>> logon types such as "Interactive", "network", "networkcleartext",

> >>> "unlock" etc.

> >>>

> >>> O.

> >>>

> >>

> >

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
Ca·nadi·an (k-nd-n) adj. & n.
n: An educated, unarmed American with health care.

Similar Threads	Posted
Administrator account locking out	April 1, 2006, 9:22 am
IP of machine locking account?	March 13, 2008, 8:49 am
Computer Account Changed, by NT AUTHORITY\ANONYMOUS LOGON?!	July 3, 2006, 1:48 pm
Excessive computer account logon/logoff loggining on security log	September 12, 2006, 5:23 am
There are currently no logon servers available to service the logon request - how to fix this error? i get it when trying to access a share one hop away.	April 12, 2007, 6:03 pm
Workstations showing logon failures by users can still logon?	November 27, 2007, 6:56 pm
Locking folders but NOT files. How?	January 5, 2007, 9:20 am
Locking Down Domain Controllers	January 26, 2007, 4:46 am
Hacker locking my accounts	March 16, 2008, 5:02 pm
Keeping service accounts from locking	October 13, 2006, 5:14 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML Sitemap

XML Sitemap