Hi guys, today we faced a new issue with Windows Server 2003 AD: the old password can still be used for one hour after changing to a new password. The reasons are given below.
Below is a snapshot of an article with information about use of the old password:
To reliably support network access for NTLM network authentication in distributed environments, Windows Server 2003 SP1 modifies the NTLM network authentication behavior as follows:
After a domain user successfully changes a password by using NTLM, the old password can still be used for network access for a user-definable time period. This behavior allows accounts, such as service accounts, that are logged on to multiple computers to access the network while the password change propagates.
Reference: http://support.microsoft.com/kb/906305
The article details how to change the behavior. It's a registry change, which our servers don't have. If the setting is missing, they default to 60 minutes.
Note: This behavior does not cause a security weakness. As long as only one user knows both passwords, the user is still securely authenticated by using either password.
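A check to run on a domain controller, added here as an example and not part of the original post: it reads the registry value documented in KB 906305 (`OldPasswordAllowedPeriod` under the `Lsa` key; the name comes from the KB, not from this post), falls back to the 60-minute default when the value is absent, and reports until when the old password is still accepted. It assumes the window is counted from the time of the password change; the function name and the sample timestamp are constructed.

```powershell
# Added example: report the effective NTLM old-password window on this machine.
# Registry location and value name are taken from KB 906305 (value is in minutes).
function Get-OldPasswordWindow {
    param(
        [string]$LsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa',
        [datetime]$PasswordChangedAt   # optional: when the password was changed
    )

    $defaultMinutes = 60   # used when the value is not set, as the post describes

    # Returns $null when the value does not exist.
    $item = Get-ItemProperty -Path $LsaPath -Name 'OldPasswordAllowedPeriod' `
                             -ErrorAction SilentlyContinue

    if ($null -ne $item) {
        $minutes = [int]$item.OldPasswordAllowedPeriod
        $source  = 'registry'
    } else {
        $minutes = $defaultMinutes
        $source  = 'default (value not set)'
    }

    $result = New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Minutes  = $minutes
        Source   = $source
    }

    # Assumption: the window starts at the moment of the password change.
    if ($PSBoundParameters.ContainsKey('PasswordChangedAt')) {
        $until = $PasswordChangedAt.AddMinutes($minutes)
        $result | Add-Member -MemberType NoteProperty `
                             -Name OldPasswordAcceptedUntil -Value $until
    }

    $result
}

# Constructed sample: a password changed at 10:00 on the day of this post.
Get-OldPasswordWindow -PasswordChangedAt (Get-Date '2009-03-19 10:00') | Format-List
```

After resetting the password of an account that is logged on to several machines, `OldPasswordAcceptedUntil` is the time up to which NTLM network logons with the previous password can still succeed on that domain controller.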
See you in the next post
Venky
Thursday, March 19, 2009