i'm talking about windows NT 4 , or Win2K.
can you guys be more specific about what premisions should i give ?
Printable View
i'm talking about windows NT 4 , or Win2K.
can you guys be more specific about what premisions should i give ?
well.. to be specific enough.. you could give them the permission to use the account policies..
or better yet... try this..make an account that is solely used for unlocking.. and let them use it incase they get locked out.. remember its useless giving them rights to unlock themselves if they cant get log on in the first place..
give that account the right to access user policies.. or was that account policies... i dont remember.. but then the person you should ask is Matty_Cross.. he's a network engineer.. im just a network manager/administrator he knows more than i do
have you/your admin ever thought about setting a timeout on locking. I know in NT4 domains that it's possible. I was so tired of being called at 3:00am because some idiot had the caps lock key on and locked themselves out, so I added a 1 hour timeout (you can make it faster) and the account will unlock itself (actually the system account does the unlocking, but you know what I mean).
Have your admin put a timeout in there so you can get back in, you just have to wait.
As far as I understand, the lockout thing was put there to thwart unauthorized access attempts and would 1) make sure that a hacker or unscrupulous employee wouldn't be able to access that account after it's locked 2) give an easy record of which accounts are being tried on a consistent basis.
Only one try on the password seems a little harsh, brute force would be just a useless with 1 try as it would be with 3. Being the admin on that network must suck your whole job would just be reactivating people’s accounts.
in 2k just use Account Operator built security group in AD...allows access to account functions without additional elevated privledges..think you can do something like this in NT as well...beware though...AO's can modify, add or delete most all account info...
failing that a 15 minute timeout can work
Okay guys !!
Thank you very very much - you have been very helpfull and threfore i'll try to ask another thing with unlocking:
when a user press CTRL,ALT,DEL and locks he's account the msg on the screen says:
"the computer was locked by XXX and it can only be unlocked be user XXX or an adminisrator"
my question:
can it be unlocked by another user (not an admin) ? and how do i give someone the premissons to unlock a workstation ?
Thanks a lot !
Ron
Only the current logged in user, or any member of the Administrators group, can unlock a workstation when it's Ctrl. Alt. Delete Locked.
hey guys im just a newbie and all but i was looking for ways to tweak up my pc the other day well i cut and pasted this so i would have it after i upgrade sorry tho i cant remember where i got it but it might help and it might not you decide..............To display the Administrator (master: Admin/Sysadmin) account on the Windows XP Welcome logon screen, fire up Regedit (or Regedt32) and go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Create (if not present) a new Value: right-click on an empty spot in the right hand pane -> select New -> DWORD [REG_DWORD] Value -> name it Administrator -> click OK -> double-click on it -> check the Decimal box -> type 1 -> click OK.
Modify (if present) the "Administrator" DWORD [REG_DWORD] Value: highlight it in the right hand pane -> select Modify -> check the Decimal box -> type 1 -> click OK.
Close the Registry Editor when done.
From now on, whenever you logon as Admin/Sysadmin [ONLY IF you have administrator rights to the computer you're trying to boot into :)] you'll see the Administrator account on the Welcome display. well now maybe this just changes the cosmetics on youre pc i dont know because i still got me but it sounds to me like an interesting little something even if its not any use to you.
This happened to me at college, but so long as the network is secured by sensible admins, then only the admins will be able to unlock any accounts. Usually three incorrect logins in one go will lock your account automatically (some idiots deliberately tried three different passwords just to lock my account! :mad:), although some admins may set this number higher, lower, or even turn it off altogether.Quote:
Originally posted here by cactos
Hey everybody ,
I have a question about unlocking a user account.
when i misstype my password the account gets locked and only the administrator can unlock it.
what i want to know is if there is a way to unlock the account but not with the admin's user.
can the admin provide other users the option to unlock accounts that got locked , and if so how do we do it ?
Thanks a lot !
Ron
Admins can provide other users with the option to unlock accounts, they'd just have to give you some of their priviledges first, which they might not want to do. I don't know whether the ability to unlock accounts can be granted specifically, as I'm not an expert with Win2k or XP, but I imagine you'd get some other priviledges as well.
Hope this helps. :D