locked
Security Issue RRS feed

  • Question

  •  

    I may have a security issue and wanted to get some feedback.

    In a nut shell, my user accounts are locking out.

    I saw the windows 2003 lockout policy was set to lock out after 50 attempts(!) with reset every 30 mins. The 50 seemed odd so I cut it down to 3.

    Although I assume my system has been hacked, before re-installing WHS and killing all remote access, I thought I bounce it off  the group as this may be helpful to others.

    Is there a bug or setting needed?

    Many thanks.

    Monday, February 16, 2009 1:52 PM

Answers

  • 50 is the default setting for Windows Home Server. 

    User accounts on the server may lock if you have differing passwords on the client and the server and you attempt to access server resources. It depends on the resource and the acess method. Regular file access will normally get you a password prompt, but some other methods may simply retry until the account locks.
    I'm not on the WHS team, I just post a lot. :)
    • Proposed as answer by kariya21Moderator Tuesday, February 17, 2009 12:59 AM
    • Marked as answer by Fauldini Tuesday, February 17, 2009 2:59 PM
    Monday, February 16, 2009 4:31 PM
    Moderator

All replies

  • 50 is the default setting for Windows Home Server. 

    User accounts on the server may lock if you have differing passwords on the client and the server and you attempt to access server resources. It depends on the resource and the acess method. Regular file access will normally get you a password prompt, but some other methods may simply retry until the account locks.
    I'm not on the WHS team, I just post a lot. :)
    • Proposed as answer by kariya21Moderator Tuesday, February 17, 2009 12:59 AM
    • Marked as answer by Fauldini Tuesday, February 17, 2009 2:59 PM
    Monday, February 16, 2009 4:31 PM
    Moderator
  • Well its nice to know 50 is normal. Yes, I have read that lockout can occur with non-sync'd passwds (I have been getting the simple user/pass prompt when accessing shares - answered with sucess, but ALL WHS user accounts get re-locked after unlock when doing nothing. Wonder why I have not seen this in over a week of WHS use. Although I have tried a lot of media steaming (fails on movies).  

    Also I will try reboot client to release any pending retries to WHS...  

    So wondering if this is typical behavior and if others have seen in recent builds and why.
    I though recent build and updates had resolved this timeout issue(?)
    many thx for the quick reply.
    Monday, February 16, 2009 5:37 PM
  • Fauldini said:

    ... Although I have tried a lot of media steaming (fails on movies).  ...


    Depending on what exact software you're using as the streaming client, it may attempt to access access the streaming server on your WHS computer as the logged-in user, using the logged-in user's password. You can try turning on the guest account on your server, if it's not already turned on; that may grant sufficient access in this situation. If the guest account isn't enabled, some software will simply try repeatedly to access the server, until it locks the account.

    This is one of several reasons why Microsoft strongly recommends the synchronization of passwords between the server and your client PCs.

    I'm not on the WHS team, I just post a lot. :)
    • Marked as answer by Fauldini Tuesday, February 17, 2009 2:58 PM
    • Unmarked as answer by Fauldini Tuesday, February 17, 2009 2:59 PM
    Monday, February 16, 2009 5:43 PM
    Moderator