W10-pro 22H2
I have a customer with two machines. Both have the
same issue
If you goof the first attempt to logon, your account gets
locked out for five minutes.
Password and attempts is set as follows:
<win><r> secpol.msc--> Security Settings (very top of the left pane)
--> Account Policies (left pane)
--> Account Lockout Policy (left pane)
--> Adjust the following (you have to set the threshold first):
x Account lockout threshold (middle one) (10)
x Account lockout duration (5)
x Reset account lockout counter after (5) https://imgur.com/JBWWAuw.png
The normal way to unlock an account before the wait period
expires is
--> logon as Administrator
--> <win><R> lusrmgr.msc
--> users
--> select user
--> uncheck "Account is disabled"
Problem: the account is not disabled (lusrmgr.msc): https://imgur.com/2rxTBQo.png
One of my major complains about Windows 10+ is the "one off"
problems, where only one computer in the entire world
has a particular issue. I wonder if I have come across
my first "two off" problem.
Path: ...!paganini.bofh.team!not-for-mail
User-Agent: Eternal September v2024
Content-Language: cn
Chinese made battery powered vibrators are getting better.....
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin mollis<data block attempting to avoid anti-spam filters using a hash>
On 4/19/24 19:00, T wrote:
Hi All,
W10-pro 22H2
I have a customer with two machines.˙ Both have the
same issue
If you goof the first attempt to logon, your account gets
locked out for five minutes.
Any Words of Wisdom?
-T
Figured it out.
Everything was working as it was suppose to.˙ The
reason why the account kept getting locked out was
due to a "Brute Force RDP attack".˙ The attacker
kept running up the failed log in attempts in
rapid succession.
Fortunately, the security provisions I
had put in place held.
Now that I know what was causing the issue, I
blocked the attackers multiple IP addresses
at the network firewall.
<editorial comment> OH HOLY [expletive deleted] !!!! </editorial comment>
Thank you all for the help and tips!
On 4/19/24 19:00, T wrote:
Hi All,
W10-pro 22H2
I have a customer with two machines.˙ Both have the
same issue
If you goof the first attempt to logon, your account gets
locked out for five minutes.
Password and attempts is set as follows:
<win><r> secpol.msc˙ --> Security Settings (very top of the left pane)
˙˙˙ --> Account Policies (left pane)
˙˙˙˙˙ --> Account Lockout Policy (left pane)
˙˙˙˙˙˙˙ --> Adjust the following (you have to set the threshold first):
˙˙˙˙˙˙˙˙˙˙˙˙ x˙ Account lockout threshold˙ (middle one)˙˙ (10)
˙˙˙˙˙˙˙˙˙˙˙˙ x˙ Account lockout duration˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙ (5)
˙˙˙˙˙˙˙˙˙˙˙˙ x˙ Reset account lockout counter after˙˙˙˙˙˙˙ (5)
https://imgur.com/JBWWAuw.png
The normal way to unlock an account before the wait period
expires is
˙˙˙ --> logon as Administrator
˙˙˙˙˙ --> <win><R> lusrmgr.msc
˙˙˙˙˙˙˙ --> users
˙˙˙˙˙˙˙˙˙ --> select user
˙˙˙˙˙˙˙˙˙˙˙ --> uncheck "Account is disabled"
Problem: the account is not disabled (lusrmgr.msc):
https://imgur.com/2rxTBQo.png
<editorial comment> AAAAAAHHHHHH!!!!!!</editorial comment>
Any Words of Wisdom?
-T
Figured it out.
Everything was working as it was suppose to. The
reason why the account kept getting locked out was
due to a "Brute Force RDP attack". The attacker
kept running up the failed log in attempts in
rapid succession.
Fortunately, the security provisions I
had put in place held.
Now that I know what was causing the issue, I
blocked the attackers multiple IP addresses
at the network firewall.
<editorial comment> OH HOLY [expletive deleted] !!!! </editorial comment>
Thank you all for the help and tips!
-T
Wouldn't RDP'ing from the outside to a host on the inside of a firewall
mean there was a hole punched in the firewall (a rule) to allow those
externally sourced RDP requests?
This is true.˙ You have to do a port forward and allow and
unestablished connection for that port.˙ It helps narrow
the rule down if you know from what network and mask they
are coming from, but that kills the ability to do roaming.
Why was the problematic host running an RDP server?
Customer needs remote access those two computers.
It does fail if the employee wishes to run some proprietary software for which there are only sufficient licenses to support the two machines at
head office. In this case RDP to those machines would work better, but
of course it denies use to staff at head office for the duration of the remote connection.
Why was the problematic host running an RDP server?
Customer needs remote access those two computers.
There is now a different way to achieve access to your files, which is
to use Microsoft OneDrive.
If he's supporting remote users, he'll likely need access to the PCs themselves,
not just access to a few selected files.
Given that you are running a business that tries to support customers,
do you think you should be better informed about how to support those
customers? It worries me that you appear to be putting those customers
at risk. Clearly they don't have expert knowledge - they come to you!
You may have to tread lightly there. I said much the same thing several years ago and he got offended.
Char Jackson wrote:
[snip]
Why was the problematic host running an RDP server?
Customer needs remote access those two computers.
There is now a different way to achieve access to your files, which is
to use Microsoft OneDrive.
If he's supporting remote users, he'll likely need access to the PCs themselves,
not just access to a few selected files.
No, you've misunderstood. The OP (named T I think) is trying to support
his customers. So he might well need access to those PCs.
But T's customer requires remote access to files. So I presume that T's customer is a small business of some sort. The suggestion that I'm
making is that T's customer should use OneDrive thereby avoiding all the difficulties with RDP and security.
Given that you are running a business that tries to support customers,
do you think you should be better informed about how to support those
customers? It worries me that you appear to be putting those customers
at risk. Clearly they don't have expert knowledge - they come to you!
You may have to tread lightly there. I said much the same thing several years
ago and he got offended.
If the OP is not prepared to listen to advice and evaluate its
credibility - entering into a dialogue where appropriate - then he's
doomed anyway. All that happens is that he gives computer support businesses a bad name. So we have a duty to help him where we can.
But we should be polite and not insult him, I agree.
Sysop: | Tetrazocine |
---|---|
Location: | Melbourne, VIC, Australia |
Users: | 7 |
Nodes: | 8 (0 / 8) |
Uptime: | 153:08:29 |
Calls: | 46 |
Files: | 21,492 |
Messages: | 65,451 |