Thread: Active Directory 2003 Account Disable Bypass trick

  1. #1
    Join Date
    Oct 2005
    Posts
    61

    Active Directory 2003 Account Disable Bypass trick

    Hi, we are running Windows Server 2003 as a domain controller. Sometimes, for security reasons, I need to disable an account in Active Directory for users and computers. When I do this, obviously the user cannot log in. But if the user turns off the WLAN switch or simply removes the LAN cable, he is able to log in normally, which should not happen, right?

    So is there any workaround for this? I mean, is there any way I can force my system to store the account status (disabled or not) with the login credentials? If yes, please let me know how.

    Thank you.

  2. #2
    Join Date
    Sep 2004
    Posts
    56

    Re: Active Directory 2003 Account Disable Bypass trick

    Well, the users are able to log in using "Cached Credentials". Though they can log in, they won't be able to use any network resources. However, there is a way to disable it: you will need to disable credential caching on the client. But note that doing this will also affect mobile or laptop users. They also won't be able to log on to their machines when they are not on the network.

    Still, if you want, here is the Group Policy you need to enable on the client machines for this:

    "Interactive Logon: Number of previous logons to cache" - change it from 10 to 0.

  3. #3
    Join Date
    Sep 2004
    Posts
    156

    Re: Active Directory 2003 Account Disable Bypass trick

    Here is how you can remove the "Cached Credentials". Just go to:
    • Computer Configuration
    • Windows Settings
    • Security Settings
    • Local Policies
    • Security Options
    • In the right pane: "Interactive logon: Number of previous logons to cache"

  4. #4
    Join Date
    Oct 2005
    Posts
    61

    Re: Active Directory 2003 Account Disable Bypass trick

    Thank you very much, guys. I understood your points, and I would also like the mobile users to be able to log in. So my question here is: why doesn't Windows store the account status with cached credentials? If I disable any user, he can log in by unplugging the LAN, and that's what I want to prevent.
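An added example, not part of the thread: a PowerShell audit of the setting discussed in the replies above, reporting whether cached logons are enabled on the local machine and whether the machine is a portable that would lose offline logon if the value were set to 0. It assumes PowerShell 3.0 or later (for `Get-CimInstance`); the function name `Get-CachedLogonAudit` and the list of chassis types treated as portable are choices made for this illustration.

```powershell
# Added example (not from the thread): audit "Interactive logon: Number of
# previous logons to cache" on the local machine. Read-only; changes nothing.
function Get-CachedLogonAudit {
    [CmdletBinding()]
    param()

    # The policy is stored as the string value CachedLogonsCount under Winlogon.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $raw = (Get-ItemProperty -Path $key -Name CachedLogonsCount `
                -ErrorAction SilentlyContinue).CachedLogonsCount

    # When the value is absent, Windows falls back to its default of 10.
    $count  = 10
    $source = 'default (value not set)'
    if ($null -ne $raw) {
        $parsed = 0
        if ([int]::TryParse([string]$raw, [ref]$parsed)) {
            $count  = $parsed
            $source = 'registry'
        } else {
            $count  = $null
            $source = "unparseable value '$raw'"
        }
    }

    # Assumption for this example: these SMBIOS chassis types mean "portable"
    # (8-10 and 14 = portable/laptop/notebook/sub-notebook, 30-32 = tablet forms).
    $portableTypes = 8, 9, 10, 14, 30, 31, 32
    $chassis = @((Get-CimInstance -ClassName Win32_SystemEnclosure `
                    -ErrorAction SilentlyContinue).ChassisTypes)
    $isPortable = [bool]($chassis | Where-Object { $portableTypes -contains $_ })

    $finding = if ($null -eq $count) {
        'Setting could not be interpreted; review manually'
    } elseif ($count -eq 0 -and $isPortable) {
        'Caching off on a portable: nobody can log on while off the network'
    } elseif ($count -eq 0) {
        'Caching off: a disabled account cannot log on offline'
    } else {
        "Caching on: up to $count previous users can log on with no DC reachable"
    }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        CachedLogonsCount = $count
        Source            = $source
        IsPortable        = $isPortable
        Finding           = $finding
    }
}

Get-CachedLogonAudit | Format-List
```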
