|
Posted by Roger Abell [MVP] on March 2, 2006, 8:26 pm
Please log in for more thread options >> Some remote management tools use the admin shares.
>> If you are auditing login attempts you should be seeing logon
>> events of type 3 being recorded, success or failure, for the
>> network login attempts.
>
>> If the lockout policy is configured on the computer that has the share or
>> if the computer is a domain computer and the domain policy has lockout
>> enabled then it should also apply to network logons. If you enforce
>> strong passwords then you can rethink using account lockout which can
>> lead to denial of service attack against uses. FYI if some user gains
>> administrator access then having administrator shares will be among the
>> least of your orries. --- Steve
>
>
> You are both right. I tried to connect (with wrong password) to an admin
> share of a server I was already connected to with another username. I
> guess for this reason it didn't succeed and there was absolutely nothing
> in security log. I tested another server's shares - and yes - I was able
> to lock out the (server's local) admin account and events were logged.
> Thanks.
>
> Antti
>
>
Makes sense.
If you start a new session to a server to which the login is
already connected the new session will use the existing
connection (and its credentials). Hence no failure.
If you attempt explicit mapping with use of different set
of credentials you should get a pop up saying you are
already connected to server with different credentials.
As it does not speak with server, no failure logged there.
| 
XML Sitemap