Change password/disable account - password cached?

Discussion in 'Active Directory' started by gbug, Apr 24, 2008.

  1. gbug

    gbug Guest

    Hi all, recently had a situation where an employee was dismissed and asked to
    leave on the spot. I was aware of this, and changed the password of the
    account, and then disabled the account. On their way out, this person passed
    their workstation, logged onto their pc WITH their old password, and then
    sucessfully sent out an email to someone. I would have thought that because
    the password was changed, the exchange server should not let it send as
    authentication should not occur.
    Can someone please explain to me why this user was a)denied logon access to
    their pc, and b) why they could still send an email out.
    Also - what are best practices surrounding this? What do others do in this
    gbug, Apr 24, 2008
    1. Advertisements

  2. Are you sure they weren't still logged in? Your change won't take effect
    until they log out/in again.

    If not - how many DCs do you have? Could be that replication hadn't
    completed yet.

    The only other thing I can think of is that they'd still be able to log in
    using cached credentials (if they unplugged the network cable) - but then
    they wouldn't be able to do anything on the network (even if they
    reconnected it).

    Best practices dictate escorting the recently fired party out of the
    building if it's a concern. You can also disable their account rather than
    just changing the password, even if it's just temporarily.
    Lanwench [MVP - Exchange], Apr 24, 2008
    1. Advertisements

  3. They must have been logged on at the machine they sat down at.

    A better question would be why would you (Or anyone else) allow this
    individual to use a company asset after they were asked to leave? A simple
    no would probably have worked. I would think you should check the e-mail
    that was sent out to verify some other password secrets weren't sent to
    someone within the organization.
    Paul Bergson [MVP-DS], Apr 24, 2008
  4. gbug

    gbug Guest

    The account was locked out.....
    However, the workstation was still logged onto by the user. Im still
    confused as to why they would have been able to send an email out if their
    account couldnt authenticate properly (due to password change) unless the DC
    that the exchange server talked to hadnt received the update to the account.
    In future the machine should be logged out also.
    gbug, Apr 25, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.