Results 1 to 4 of 4

Thread: Change password/disable account - password cached?

  1. #1
    gbug Guest

    Change password/disable account - password cached?

    Hi all, recently had a situation where an employee was dismissed and asked to
    leave on the spot. I was aware of this, and changed the password of the
    account, and then disabled the account. On their way out, this person passed
    their workstation, logged onto their pc WITH their old password, and then
    sucessfully sent out an email to someone. I would have thought that because
    the password was changed, the exchange server should not let it send as
    authentication should not occur.
    Can someone please explain to me why this user was a)denied logon access to
    their pc, and b) why they could still send an email out.
    Also - what are best practices surrounding this? What do others do in this
    situation?
    Cheers!

  2. #2
    Lanwench [MVP - Exchange] Guest

    Re: Change password/disable account - password cached?

    gbug <gbug@discussions.microsoft.com> wrote:
    > Hi all, recently had a situation where an employee was dismissed and
    > asked to leave on the spot. I was aware of this, and changed the
    > password of the account, and then disabled the account. On their way
    > out, this person passed their workstation, logged onto their pc WITH
    > their old password, and then sucessfully sent out an email to
    > someone. I would have thought that because the password was changed,
    > the exchange server should not let it send as authentication should
    > not occur.
    > Can someone please explain to me why this user was a)denied logon
    > access to their pc, and b) why they could still send an email out.
    > Also - what are best practices surrounding this? What do others do in
    > this situation?
    > Cheers!


    Are you sure they weren't still logged in? Your change won't take effect
    until they log out/in again.

    If not - how many DCs do you have? Could be that replication hadn't
    completed yet.

    The only other thing I can think of is that they'd still be able to log in
    using cached credentials (if they unplugged the network cable) - but then
    they wouldn't be able to do anything on the network (even if they
    reconnected it).

    Best practices dictate escorting the recently fired party out of the
    building if it's a concern. You can also disable their account rather than
    just changing the password, even if it's just temporarily.



  3. #3
    Paul Bergson [MVP-DS] Guest

    Re: Change password/disable account - password cached?

    They must have been logged on at the machine they sat down at.

    A better question would be why would you (Or anyone else) allow this
    individual to use a company asset after they were asked to leave? A simple
    no would probably have worked. I would think you should check the e-mail
    that was sent out to verify some other password secrets weren't sent to
    someone within the organization.

    --
    Paul Bergson
    MVP - Directory Services
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, 2003, 2000 (Early Achiever), NT4

    http://www.pbbergs.com

    Please no e-mails, any questions should be posted in the NewsGroup
    This posting is provided "AS IS" with no warranties, and confers no rights.

    "gbug" <gbug@discussions.microsoft.com> wrote in message
    news:0BE1CB04-C9E9-4745-B4C3-FC7E93C42E4C@microsoft.com...
    > Hi all, recently had a situation where an employee was dismissed and asked
    > to
    > leave on the spot. I was aware of this, and changed the password of the
    > account, and then disabled the account. On their way out, this person
    > passed
    > their workstation, logged onto their pc WITH their old password, and then
    > sucessfully sent out an email to someone. I would have thought that
    > because
    > the password was changed, the exchange server should not let it send as
    > authentication should not occur.
    > Can someone please explain to me why this user was a)denied logon access
    > to
    > their pc, and b) why they could still send an email out.
    > Also - what are best practices surrounding this? What do others do in this
    > situation?
    > Cheers!




  4. #4
    gbug Guest

    Re: Change password/disable account - password cached?

    The account was locked out.....
    However, the workstation was still logged onto by the user. Im still
    confused as to why they would have been able to send an email out if their
    account couldnt authenticate properly (due to password change) unless the DC
    that the exchange server talked to hadnt received the update to the account.
    In future the machine should be logged out also.
    Thanks.

    "Lanwench [MVP - Exchange]" wrote:

    > gbug <gbug@discussions.microsoft.com> wrote:
    > > Hi all, recently had a situation where an employee was dismissed and
    > > asked to leave on the spot. I was aware of this, and changed the
    > > password of the account, and then disabled the account. On their way
    > > out, this person passed their workstation, logged onto their pc WITH
    > > their old password, and then sucessfully sent out an email to
    > > someone. I would have thought that because the password was changed,
    > > the exchange server should not let it send as authentication should
    > > not occur.
    > > Can someone please explain to me why this user was a)denied logon
    > > access to their pc, and b) why they could still send an email out.
    > > Also - what are best practices surrounding this? What do others do in
    > > this situation?
    > > Cheers!

    >
    > Are you sure they weren't still logged in? Your change won't take effect
    > until they log out/in again.
    >
    > If not - how many DCs do you have? Could be that replication hadn't
    > completed yet.
    >
    > The only other thing I can think of is that they'd still be able to log in
    > using cached credentials (if they unplugged the network cable) - but then
    > they wouldn't be able to do anything on the network (even if they
    > reconnected it).
    >
    > Best practices dictate escorting the recently fired party out of the
    > building if it's a concern. You can also disable their account rather than
    > just changing the password, even if it's just temporarily.
    >
    >
    >


Similar Threads

  1. How to Change the Password of your account in Tally.ERP 9
    By fumble in forum Guides & Tutorials
    Replies: 1
    Last Post: 20-04-2011, 04:23 PM
  2. Need Password Reset Disk to change password for Windows 7
    By Alfanumeric in forum Operating Systems
    Replies: 3
    Last Post: 11-01-2011, 03:06 PM
  3. How to change my POP3 account password?
    By roshan45 in forum Technology & Internet
    Replies: 3
    Last Post: 09-10-2009, 07:31 PM
  4. how can i change Nokia Messaging account password.
    By rajmalhotra in forum Portable Devices
    Replies: 4
    Last Post: 02-09-2009, 10:11 PM
  5. Change password for users with blank password: Error
    By Ihit in forum Active Directory
    Replies: 3
    Last Post: 06-06-2008, 06:21 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •