Getting back to the core of the original query, the admin wants to allow
users to logon in order to change their passwords. Go to Account Policies
in user manager for domans and uncheck user must logon to change passwords.
Also, setting Min and Max password ages should notify users in advance to
change passwords.

----- Original Message -----
From: "Talisker" <TaliskerNETWORKINTRUSION.CO.UK>
To: <FOCUS-MSSECURITYFOCUS.COM>
Sent: Tuesday, April 24, 2001 6:54 AM
Subject: Gracefull NT Logoff

> Hi
>
> I'm trying to find a way to logoff users on an NT Domain without them
losing
> their work. The problem is that they are locking their workstations as
> apposed to logging off. Removing the lock workstation facility is not an
> option because of the security advantages to it being there.
> The problem is that they are not being prompted to change their password,
> their account then expires resulting in aproximately multiple failed
logons
> per second this in turn clogs up the Host IDS. I'm working on a solution
to
> aggregate the HIDS alerts but would rather treat the original cause
>
> I realise there is a force log off facility within NT where certain times
> can be set, but as I understand it this is not gracefull and results in
the
> users losing their work.
>
> I'm looking for something that will gracefully log them off in the quiet
> hours, ideally a legitimate MS tool, failing that some commercial
software,
> though may also look at freeware open source tools.
>
> The other tempting solution is to send in "the boys" and beat the culprit
to
> within an inch of their lives.
>
> Yours in Desperation
>
> Andy
> http://www.networkintrusion.co.uk
> Talisker's Network Security Tools List
>
> Security Tools Notification
> http://groups.yahoo.com/group/security-tools/join

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]