Good afternoon all:
My boss as posed a good question to me and I have not been able to
find the answer.
The situation is this:
We have OWA up for our users under Exchange 5.5. Using IE,
the OWA browser interface will kick you out after three failed attempts to
provide a proper userid/password combination. When kicked out multiple times
using the same userid, the id is not locked in the domain. A security policy
states that failed login attempts in excess of x attempts in y minutes will
lock the account, but through OWA this does not seem to be happening.
The question is this, given enough time, will a cracker be
able to bruteforce the login through OWA without locking out the NT account
in the domain.
Thanks for any help in this.
John Matteson; Exchange Manager
Geac Corporate Infrastructure Systems and Standards
(404) 239 - 2981
>SELECT * FROM users WHERE clue >0
0 rows returned
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
