JSI Tip 7976. When you use Start / Run to connect to a share, your account gets locked out?

If you have a local account and a domain account with the same name, but different passwords, and you logon to the local account, you may get locked out if you attempt to connect to a member server share via the Start / Run command-line.

NOTE: This will only happen if an account lockout policy is applied to the domain.

NOTE: This may also happen if you have a same name account, with a different password, in a different domain, and you are logged on to the 'different' domain.

In the above environment, the authentication request is performed using local credentials. Since those credententials DO NOT match domain credentials, each request adds to the bad password count of the domain account. Depending on the client O/S, the number of requests per connection attempt varies:

      Windows NT 4.0 SP6a    -  4 requests. 
      Windows 2000 SP4       -  9 requests.
      Windows XP SP1         - 13 requests.
If the threshold of the policy is less than the above, you will be locked out before you can be promted to enter credentials.

To workaround this behavior, DO NOT use Start / Run to connect to a share. Instead, use:

      NET USE at a CMD.EXE prompt.
      Map Network Drive from the Explorer Tools menu.
NOTE: An administrator can disable the Run command to prevent this from happening.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish