I think that the issue is that the AD and Remedy are not fully integrated. The expected behavior would be to block all the domain for a user for 30 minutes after three wrong attempts. For instance, in a fully integrated system If I made an attemp to log into a computer, then from another computer I try to log to Sharepoint, and finally I try to connect to the VPN the account is blocked for 30 minutes. Three attempts no matter from.
Under my point of view a bad password should be sent to the AD and the block should come from the AD Jose Manuel Huerta http://theremedyforit.com/ On Thu, Aug 30, 2012 at 8:59 PM, Easter, David <[email protected]> wrote: > I had thought that you meant that it locks it correctly when AD is used, > but not when AD is uninvolved. If the password AD is being restored after > 30 minutes, I expect that's occurring on the AD side of things. I can't > think of a way that AR System would be influencing that situation. You may > want to check with your AD admins. > > According to a Google search, there are three options in AD: > > > http://www.windowsecurity.com/articles/implementing-troubleshooting-account-lockout.html > > The three policy settings are: > > Account lockout duration - How long (in minutes) a locked-out account > remains locked-out (range is 1 to 99,999 minutes). > Account lockout threshold - How many failed logons it will take until the > account becomes locked-out (range is 1 to 999 logon attempts). > Reset account lockout counter after - How long (in minutes) it takes after > a failed logon attempt before the counter tracking failed logons is reset > to zero (range is 1 to 99,999 minutes). > > Sounds like you have the first option is set to 30 minutes. > > -David J. Easter > Manager of Product Management, AR System > BSM & Atrium Solutions Management > BMC Software, Inc. > > The opinions, statements, and/or suggested courses of action expressed in > this E-mail do not necessarily reflect those of BMC Software, Inc. My > voluntary participation in this forum is not intended to convey a role as a > spokesperson, liaison or public relations representative for BMC Software, > Inc. > > > -----Original Message----- > From: Action Request System discussion list(ARSList) [mailto: > [email protected]] On Behalf Of Easter, David > Sent: Thursday, August 30, 2012 7:43 AM > To: [email protected] > Subject: Re: AD Account Lock-OUT via Remedy > > From the documentation (Configuration Guide): > > To set a maximum number of bad passwords, enter the number in the Max > Number of Password Attempts field in the AR System Administration: Server > Information form (Configuration tab). To turn the feature off (unlimited > number > of bad passwords allowed), set the number to 0 (the default). > > -David J. Easter > Manager of Product Management, AR System > BSM & Atrium Solutions Management > BMC Software, Inc. > > The opinions, statements, and/or suggested courses of action expressed in > this E-mail do not necessarily reflect those of BMC Software, Inc. My > voluntary participation in this forum is not intended to convey a role as a > spokesperson, liaison or public relations representative for BMC Software, > Inc. > -----Original Message----- > From: Action Request System discussion list(ARSList) [mailto: > [email protected]] On Behalf Of Bhupesh Gupta > Sent: Thursday, August 30, 2012 7:37 AM > To: [email protected] > Subject: AD Account Lock-OUT via Remedy > > I am looking for any ideas on how to implement/set up account lockup > for multiple unsuccessful login failures. > > We are on version ARS 7.604 SP2 > > Examples: > > > In Active directory when user tries to enter inalid passowrd for the > number of times specified on AD side ,then system will lock user > account automatically. > > In our remedy is AD authenticated, user can enter 10 times invalid > passwords ( login unsuccessful) still 11th time user can enter the > right passowrd and system will allow user to login successfully. > > How do we lockout the user for unsuccessful logins ( 4 timmes may > be).Any suggestions.. > > > > Regards, > Bhupesh Gupta > > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" > > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" > > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
