JSI Tip 3618. Account lockouts when logging on to Outlook from an untrusted domain?

When you log on to Outlook from a workgroup, or untrusted domain, the outlook client sends the local credentials to the Exchange server, up to twelve times, even if the user enters the domain credentials when the logon box is presented.

If the current name matches a domain user name, and it is NOT the same name that is used to access a Microsoft Exchange server's domain, the account is locked out when the password policy is set to allow twelve bad password attempts.

If the user enters credentials that match a different user in the domain, but not the account that is used to access the exchange server, that account is credited with 3 bad password attempts. When that account logs on, it may be locked out.

The preferred workaround is to logon to the Exchange domain or to a trusted domain.

You could also make the password policy less restrictive, but I wouldn't.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish