unlocking account
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: unlocking account

  1. #1
    Junior Member
    Join Date
    Mar 2002
    Posts
    4

    Question unlocking account

    Hey everybody ,
    I have a question about unlocking a user account.
    when i misstype my password the account gets locked and only the administrator can unlock it.

    what i want to know is if there is a way to unlock the account but not with the admin's user.
    can the admin provide other users the option to unlock accounts that got locked , and if so how do we do it ?

    Thanks a lot !

    Ron

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    If it's a Win2000Pro or XP Pro box. The Admin sets this as a policy to prevent brute force attacks and dictionary attacks. After an X number of attempts it will lock you out. Unless the admin gives you specific permission to unlock accounts you are SOL so to speak. You can ask him to set it at 3 attempts before it locks you out and to change the duration. More than likely he won't though. Most companies have it set in stone.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  3. #3
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    I really am not sure about this but GENERALLY, admins are the ONLY one who has access to Account Policies.. and the setting of accounts being locked is in the Account Policies.. which means only the admin can unlock those locked accounts.. Unless he makes another user who has thesame administrative rights as the administrator account...

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    In Windows 2000, all users in the Administrators group have access to policies and accounts (and can therefore unlock user accounts), so simply adding someone to the Administrators group would give them this privilege (plus a whole host of others, like shutting down, changing which services are running, deleting / creating / modifying user accounts, setting up file shares, changing NTFS security permissions etc.)

    Use with extreme caution!
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  5. #5
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    By default, most account-locking policies have it set for 3 incorrect passwords before it locks the account. Some have pretty strict rules such as even hitting enter will count as a password. As for linux/unix, once an account is locked, just like the guys said about Winblows, you're pretty much up the creek without a paddle as only the sysadm can save your sorry @$$ at that point. There could be some ways around it (sudo w/ nopassword option set for a script set on an account that has no home and has this script set as the shell, asking for input for a username but this is by no means secure in the slightest and it defeats the purpose of having locked accounts) but none of them are any good at all.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    218
    in order to unlock accounts, the admin can give you access rights to user manager. from there you can unlock accounts. however, if it is your own account that is locked out then that will not help you much since you need to be logged in to get to user manager. also, i highly doubt that the admin would be will to give you user manager access since from there you can alter other accounts, accidentally delete profiles, etc. unfortunatley, i am in charge of user level support here where i work. i must waste at least an hour or two a day unlocking peoples accounts. yes it would be less of an annoyance to both user and myself if they could just unlock themselves, but i realize how much of a security risk this is. i will not even change a users password until they come to me and show me photo id. my point is, just try hard to get your password correct the first time. spend an extra second to make sure the caps lock is not on, etc. it will make both you and your admin happy

  7. #7
    Junior Member
    Join Date
    Mar 2002
    Posts
    4
    the thing is that we want to create a group of people who will be able to unlock accounts.

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    Well, have a group of people added to the Administrators group, or, have a group created with just enough privileges to unlock accounts, but not to make other changes to the servers, then add selected people to that group.
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  9. #9
    Senior Member
    Join Date
    Jan 2002
    Posts
    218
    you can create a group with admin rights as the user account control group or such and give them shortcuts to the user manager on your server, this is assuming you are running a m$ server of course. you can create the group from the admin template but then just limit and restrict other rights that you do not want to them to have access to. not hard at all. you just have to be careful. just fire up the gpedit.msc from the server and configure the group.

  10. #10
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    cactos> What operating system are you using? This is EXTREAMLY important with your question. Are you running Win 2k/xp? Linux? Solaris? Novell? BSD? What? We can't help you unless you tell us more details. What you want to do can be done, but I am not going to go through and explain how to do this under 5 different OS's, just because you didn't ask the question properly.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •