Announcement

Collapse
No announcement yet.

Autologon and a password change- who wins?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Autologon and a password change- who wins?

    I've tested this scenario and come up with very suspect results. I setup a test machine to auto logon (using the instructions at http://support.microsoft.com/kb/315231). This tested OK

    I then logged onto the DC and changed the user's password to something different now expecting the autologon to fail. Suprisingly, the WinXP machine logged on automatically as if nothing was wrong. I was able to access the net thru ISA, access servers, etc.

    I did find, tho, that when the screensaver kicks in with the "On Resume, password protect" option set, it didn't allow me to get back to the machine's OS! I had to power cycle to get back in.

    How is this possible? The Autologon has the correct username, domain and the now wrong password in the registry.

    Thanks.
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: Autologon and a password change- who wins?

    Hi,

    Change the password for the user and check couple of things:

    1. Run LockoutStatus.exe on DC to check, where this changed password has been replicated.

    2. On XP box run the "Set l" command to verify the logon server.

    Now check weather password info has been replictaed to this authenticating DC or not.

    Regards,
    Kapil Sharma
    ~~~~~~~~~~~~~
    Life is too short, Enjoy It.

    Comment


    • #3
      Re: Autologon and a password change- who wins?

      Any chance you are falling back to NTLM and being affected by this: http://support.microsoft.com/kb/906305 ?
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"

      Comment


      • #4
        Re: Autologon and a password change- who wins?

        Kapil,

        This morning I turned the test workstation on and it tried to logon automatically but then gave me this error dialog:

        Unable to log you on because your account has been locked out....

        Lockoutstatus on the DC shows the account is locked. I also see:

        CRS-DC1, User status := Locked, Bad Pwd Count := 0, Last Bad Pwd := 23/10/2007 11:12:28 PM, Pwd Last Set := 2/11/2007 4:40:10 PM, Locklout Time := 2/11/2007 11:53:11 PM, Orig Lock := CLA-DC1

        CLA-DC1, User status := Locked, Bad Pwd Count := 3, Last Bad Pwd := 2/11/2007 11:53:11 PM, Pwd Last Set := 2/11/2007 4:40:10 PM, Locklout Time := 2/11/2007 11:53:11 PM, Orig Lock := CLA-DC1

        Looks like the account is locking late at night, but no one is using it!?

        SET L shows:

        LOGONSERVER=\\CLA-DC1

        CRS-DC1 is the DC for our other site.

        I reset the password for my test users and rebooted the test workstation and now it will not log on stating that the users logon credentials are not correct. Can't understand why this behaviour has suddenly changed! But at least it's now doing what I assumed it should have done from the start.



        GuyT,

        No I don't think so. I've checked the DC and that value does not exist. But that is a very handy link. I've posted a question regarding how long it takes to propagate a password change wrt users being able to use systems in other sites immediately after changing their password and this might work (http://forums.petri.com/showthread.php?t=19367), but I've noticed that you already have answered that one! Thanks.
        Last edited by JDMils; 5th November 2007, 01:20.
        |
        +-- JDMils
        |
        +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
        |

        Comment


        • #5
          Re: Autologon and a password change- who wins?

          That's great.......

          Although password change comes under urgent replication but what I have seen many times in past that password change did not get replicated to few DCs. In this case if client gets authentication from the DC where password change has not been replicated, users might get authenticated even with their old passwords.

          But it's really vary rare as most of the times this attribute gets replicated instently.

          Regards,
          Kapil Sharma
          ~~~~~~~~~~~~~
          Life is too short, Enjoy It.

          Comment

          Working...
          X