This works fine if the user was locked out...Props for figuring out one
of my favorite Windows admin tricks!
________________________________
From: [email protected]
[mailto:[email protected]] On Behalf Of Adrian
Crenshaw
Sent: Sunday, October 04, 2009 12:28 PM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Interesting finding on locked accounts in ADS
I just found out something interesting by accident. It seems that if an
account is logged in to a box, but the box is locked, you can not unlock
it with a locked account (too many bad password attempts I think).
However, if you pull the network connection so it has to use cached
credentials it will let you right in, then you can reconnect the network
cable. I'm not sure if it would work if the user was logged out, but if
someone could test and let us know that would be cool. Seems like an
interesting oversight.
Adrian
******************************************************************************
This email contains confidential and proprietary information and is not to be
used or disclosed to anyone other than the named recipient of this email,
and is to be used only for the intended purpose of this communication.
******************************************************************************
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
