Change password/disable account - password cached?

  #1  
Old 24-04-2008
gbug
 
Posts: n/a
Change password/disable account - password cached?

Hi all, recently had a situation where an employee was dismissed and asked to
leave on the spot. I was aware of this, and changed the password of the
account, and then disabled the account. On their way out, this person passed
their workstation, logged onto their PC WITH their old password, and then
successfully sent out an email to someone. I would have thought that because
the password was changed, the exchange server should not let it send as
authentication should not occur.
Can someone please explain to me why this user was a) denied logon access to
their PC, and b) why they could still send an email out.
Also - what are best practices surrounding this? What do others do in this
situation?
Cheers!

Reply With Quote
  #2  
Old 24-04-2008
Lanwench [MVP - Exchange]
 
Posts: n/a
Re: Change password/disable account - password cached?

gbug <gbug@discussions.microsoft.com> wrote:
> Hi all, recently had a situation where an employee was dismissed and
> asked to leave on the spot. I was aware of this, and changed the
> password of the account, and then disabled the account. On their way
> out, this person passed their workstation, logged onto their PC WITH
> their old password, and then successfully sent out an email to
> someone. I would have thought that because the password was changed,
> the exchange server should not let it send as authentication should
> not occur.
> Can someone please explain to me why this user was a) denied logon
> access to their PC, and b) why they could still send an email out.
> Also - what are best practices surrounding this? What do others do in
> this situation?
> Cheers!


Are you sure they weren't still logged in? Your change won't take effect
until they log out/in again.

If not - how many DCs do you have? Could be that replication hadn't
completed yet.

The only other thing I can think of is that they'd still be able to log in
using cached credentials (if they unplugged the network cable) - but then
they wouldn't be able to do anything on the network (even if they
reconnected it).

Best practices dictate escorting the recently fired party out of the
building if it's a concern. You can also disable their account rather than
just changing the password, even if it's just temporarily.


Reply With Quote
  #3  
Old 24-04-2008
Paul Bergson [MVP-DS]
 
Posts: n/a
Re: Change password/disable account - password cached?

They must have been logged on at the machine they sat down at.

A better question would be why would you (or anyone else) allow this
individual to use a company asset after they were asked to leave? A simple
no would probably have worked. I would think you should check the e-mail
that was sent out to verify some other password secrets weren't sent to
someone within the organization.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"gbug" <gbug@discussions.microsoft.com> wrote in message
news:0BE1CB04-C9E9-4745-B4C3-FC7E93C42E4C@microsoft.com...
> Hi all, recently had a situation where an employee was dismissed and asked
> to leave on the spot. I was aware of this, and changed the password of the
> account, and then disabled the account. On their way out, this person
> passed their workstation, logged onto their PC WITH their old password,
> and then successfully sent out an email to someone. I would have thought
> that because the password was changed, the exchange server should not let
> it send as authentication should not occur.
> Can someone please explain to me why this user was a) denied logon access
> to their PC, and b) why they could still send an email out.
> Also - what are best practices surrounding this? What do others do in this
> situation?
> Cheers!



Reply With Quote
  #4  
Old 25-04-2008
gbug
 
Posts: n/a
Re: Change password/disable account - password cached?

The account was locked out...
However, the workstation was still logged onto by the user. I'm still
confused as to why they would have been able to send an email out if their
account couldn't authenticate properly (due to password change) unless the DC
that the exchange server talked to hadn't received the update to the account.
In future the machine should be logged out also.
Thanks.

"Lanwench [MVP - Exchange]" wrote:

> gbug <gbug@discussions.microsoft.com> wrote:
> > Hi all, recently had a situation where an employee was dismissed and
> > asked to leave on the spot. I was aware of this, and changed the
> > password of the account, and then disabled the account. On their way
> > out, this person passed their workstation, logged onto their PC WITH
> > their old password, and then successfully sent out an email to
> > someone. I would have thought that because the password was changed,
> > the exchange server should not let it send as authentication should
> > not occur.
> > Can someone please explain to me why this user was a) denied logon
> > access to their PC, and b) why they could still send an email out.
> > Also - what are best practices surrounding this? What do others do in
> > this situation?
> > Cheers!

>
> Are you sure they weren't still logged in? Your change won't take effect
> until they log out/in again.
>
> If not - how many DCs do you have? Could be that replication hadn't
> completed yet.
>
> The only other thing I can think of is that they'd still be able to log in
> using cached credentials (if they unplugged the network cable) - but then
> they wouldn't be able to do anything on the network (even if they
> reconnected it).
>
> Best practices dictate escorting the recently fired party out of the
> building if it's a concern. You can also disable their account rather than
> just changing the password, even if it's just temporarily.
>
>
>

Reply With Quote
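
An added example, not part of the original thread: one way to script the three points raised above (disable the account, make sure every DC has the change, and end the session that is still open on the workstation). An already-open desktop session and its existing Kerberos tickets keep working after the account is disabled, which is why step 3 is needed. It assumes the ActiveDirectory (RSAT) module, English `quser` output, and rights on the target workstation; the function name and sample names are hypothetical.

```powershell
# Added example. Assumes the ActiveDirectory (RSAT) module is installed.
Import-Module ActiveDirectory

function Revoke-UserAccess {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,  # placeholder, e.g. 'jdoe'
        [Parameter(Mandatory)] [string] $Workstation      # placeholder, e.g. 'WS-0142'
    )

    # 1. Disable on one DC, then push that object to every other DC so no
    #    DC keeps honouring the account while normal replication catches up.
    $dcs = @(Get-ADDomainController -Filter *)
    $src = $dcs[0].HostName
    Disable-ADAccount -Identity $SamAccountName -Server $src
    $user = Get-ADUser -Identity $SamAccountName -Server $src
    foreach ($dc in $dcs | Where-Object { $_.HostName -ne $src }) {
        Sync-ADObject -Object $user.DistinguishedName -Source $src -Destination $dc.HostName
    }

    # 2. Verify: list any DC that still reports the account as enabled.
    $stale = foreach ($dc in $dcs) {
        $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName
        if ($u.Enabled) { $dc.HostName }
    }

    # 3. Log off sessions the user already has open on the workstation.
    #    quser prints one line per session: USERNAME SESSIONNAME ID STATE ...
    $pattern  = '^[\s>]*' + [regex]::Escape($SamAccountName) + '\s'
    $sessions = @(quser /server:$Workstation 2>$null |
        Select-Object -Skip 1 |
        Where-Object { $_ -match $pattern })
    foreach ($line in $sessions) {
        if ($line -match '\s(\d+)\s+(Active|Disc)') {
            logoff $Matches[1] /server:$Workstation
        }
    }

    [pscustomobject]@{
        User              = $SamAccountName
        DCsStillEnabled   = @($stale)
        SessionsLoggedOff = $sessions.Count
    }
}

# Usage (placeholder names):
# Revoke-UserAccess -SamAccountName 'jdoe' -Workstation 'WS-0142'
```

A non-empty `DCsStillEnabled` means at least one DC has not yet received the change and should be re-checked before the process is treated as complete.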