
At my company, iPhones configured to receive Exchange email were the biggest problem. Once an iPhone user’s password expired, the iPhone would keep trying to log them in. With most normal account lockout policies set to 5 or 6 attempts, the iPhone WILL trip the policy. This gets even worse if a user has more than one mobile device.

What happens if their iPad, also configured to receive Exchange email, was left home today? You are basically SOL. The only way to resolve that problem until the password can be changed on all mobile devices would be to put that user account in an “exceptions” policy that does not have account lockout configured.

Some additional examples of things that can trip an account lockout policy include:

- Stale credentials for Windows Service accounts.
- Stale credentials used to run Scheduled tasks.
- Multiple Citrix XenApp or Remote Desktop Services sessions open when a user initiates a password change.
- User logged into multiple computers when initiating a password change.
- Disconnected Citrix XenApp or Remote Desktop Services sessions that are not configured to time out.
- Administrative Remote Desktop Connections to Windows servers left disconnected.
- Applications with their own credential stores that authenticate against Active Directory with stale credentials.

And I’m sure this is just the tip of the iceberg.

The biggest argument in favor of applying an Account Lockout Policy is to impede brute force attacks.
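To find which of these sources is actually tripping the policy, the lockout events themselves can be grouped by user and originating computer. The following is an added example, not part of the original post: the function name `Get-LockoutSourceSummary`, the host names and the sample records are constructed for illustration, and the commented query assumes it is run against a domain controller's Security log, where event ID 4740 records each lockout.

```powershell
# Summarize account lockouts by user and by the computer the failed logons
# came from, so the stale credential (service, task, session, device gateway)
# can be tracked down. Function name is hypothetical.
function Get-LockoutSourceSummary {
    param(
        [Parameter(Mandatory)]
        [object[]]$Events   # objects with TimeCreated, UserName, CallerComputer
    )
    $Events |
        Group-Object -Property UserName, CallerComputer |
        ForEach-Object {
            [pscustomobject]@{
                UserName       = $_.Group[0].UserName
                CallerComputer = $_.Group[0].CallerComputer
                Lockouts       = $_.Count
                LastLockout    = $_.Group | Sort-Object TimeCreated |
                                 Select-Object -Last 1 -ExpandProperty TimeCreated
            }
        } |
        Sort-Object -Property Lockouts -Descending
}

# Constructed sample records (not real data): one user locked out repeatedly
# through a mail server, one service account locked out from an app server.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-08T08:02:11'; UserName = 'jsmith';     CallerComputer = 'EXCH01' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-08T08:34:50'; UserName = 'jsmith';     CallerComputer = 'EXCH01' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-08T09:05:27'; UserName = 'jsmith';     CallerComputer = 'EXCH01' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-08T09:10:03'; UserName = 'svc_backup'; CallerComputer = 'APP02' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-08T10:41:19'; UserName = 'jsmith';     CallerComputer = 'RDS03' }
)

Get-LockoutSourceSummary -Events $sample | Format-Table -AutoSize

# Live data: in event 4740, Properties[0] is the locked-out account and
# Properties[1] (TargetDomainName) holds the caller computer name.
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740 } |
#     ForEach-Object {
#         [pscustomobject]@{
#             TimeCreated    = $_.TimeCreated
#             UserName       = $_.Properties[0].Value
#             CallerComputer = $_.Properties[1].Value
#         }
#     }
# Get-LockoutSourceSummary -Events $live
```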
