JSI Tip 1843. How does Windows NT maintain the 'Bad Password' count?

Each domain controller in a Windows NT 4.0 network maintains an independent count of failed user authentication.

Replication does not occur until the account lockout is tripped.

When an user logs onto a workstation, pass-through authentication occurs over the secure channel. If the logon attempt fails, due to incorrect credentials, the validating domain controller adds 1 to the Bad Password count.

When a NET USE command that requires pass-through authentication is used, a failure to authenticate password adds 1 to the Bad Password count, on the validating domain control.

When a user connects to a UNC that requires pass-through authentication, the process is identical, EXCEPT that the Multiple UNC Provider (MUP) repeats the process 3 times, resulting in a failure adding 3 to the Bad Password count on the validating domain controller.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.