Re: Determining password expiration

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Timothy Jewett (jewettware_at_online.nospam)
Date: 01/19/05 

Date: Wed, 19 Jan 2005 07:41:02 -0800

Will,
  I did not realize that an account still works with an expired password. I
guess thats why kerberos was implemented. I already started keeping the
returned results to cut down the delay time. We get ~5000 an hour, any
employee entering a WEB application uses this service.

Thanks again for your support.

"William DePalo [MVP VC++]" wrote:

> "Timothy Jewett" <jewettware@online.nospam> wrote in message
> news:2CC4AA93-E21C-4148-9EE2-FA75BCECAAC7@microsoft.com...
> > Thanks
>
> You are welcome.
>
> > Is there nothing available with the user token that will do the same ?
>
> I don't know but I doubt it.
>
> <musing>
> Security is not my thing, but I would expect that the expiration only
> inhibits a _new_ logon. Once logged on, I would be surprised if an existing
> session was somehow changed at the expiration time. If that's the case,
> there would be no need to carry the expiration in the token. Of course, I
> could be all wrong.
> </musing>
>
> > Looking up a domain server then calling that server for info is quite
> > expensive in time, especially if the server being accessed is down.
>
> Sure, but that is where the data is.
>
> > I'm trying to be as efficient as possible.
>
> A laudable goal. So, why not maintain your own mapping of domains to PDCs?
> When you don't have an entry in the map, call DsGetDCName(). When you do,
> use what you have. If you get a return like NERR_InvalidComputer, update
> your map and issue an error if necessary.
>
> Just by the way, for a Wall Street investment bank with ~5K users, I built a
> telephone based password reset application. To be sure, on no day did all of
> the population need new passwords, but on the other hand, no one complained
> about the speed of accessing the account information either.
>
> Regards,
> Will
>
>
>

Relevant Pages

  • Auditing a Domain from a Guest Account
    ... Ecora to whip through the system and print out a nice map in Visio. ... and browse through User Manager for Domains and Server ... the account it uses an account with only user/guest access. ...
    (comp.os.ms-windows.nt.admin.security)
  • Re: Determining password expiration
    ... I did not realize that an account still works with an expired password. ... guess thats why kerberos was implemented. ... but I would expect that the expiration only ... When you don't have an entry in the map, ...
    (microsoft.public.win32.programmer.kernel)
  • Re: Novell/Windows 2003 PW Syncing problem
    ... UNC drive mapping to map a shared folder on the Win2003 server, ... It maps the folder using Bob's windows password. ... IE Bob's account on his own pc is mirrored by an account on the Win2003 ...
    (comp.os.netware.misc)
  • Re: how to create a local share on local computer
    ... I use the same login account. ... And both methods work if I map the share from another computer in the domain. ... inside the network has the server as the DNS. ... and a CNAME record intranet pointing to services.vescore.com ...
    (microsoft.public.windows.server.networking)
  • Re: backup question
    ... I was concerned that if I map the ... drive under my account it would not exist under the context of the scheduled ... > What you can do is map a network drive on your server, ... >> server so the backup goes directly to another server? ...
    (microsoft.public.sqlserver.server)