How to allow a user to unlock user accts from XP box?

Discussion in 'Windows Small Business Server' started by Tammy, Jan 19, 2006.

  1. Tammy Guest

    Hello all,

    We are using SBS2003 Premium (no SP1) in a small office with approx 14
    workstations running Windows XP Pro SP2.

    I believe my question is simple :)

    When I or our developer are not available, and a user account is
    locked, they have to wait until either one of us is available to unlock the
    account. We want to provide this capability to a designated user in the
    office, but I was hoping they could do this task from their workstation, as
    opposed to the server. I could provide them instructions for how to do it on
    the server (in Server Management) but really do not want them on there for
    obvious reasons.

    Any tips on how to accomplish this? User accounts are configured to lock out
    after 10 failed attempts, so this will not happen very often but still would
    be handy.

    Thanks so much in advance!
    Tammy, Jan 19, 2006
  2. I have lockout set to 10 and I've never had a user get locked out from
    password errors that I remember. You can set lockout to automatically
    unlock after X minutes, but unless it's a fairly long period, you risk
    allowing someone to resume a dictionary attack if that's what caused it. I
    don't have lockout automatically unlock because I want to know what locked
    the account first.

    AFAIK there's no way to unlock an account other than in AD, and the only
    alternative to letting someone log in at the server is RDP. I gave my boss
    printed instructions on how to remote into the server from his desktop to
    unlock accounts, but he's never had to do it. That way, he doesn't have an
    admin-level account himself, but would use the built-in administrator
    account over RDP if he had to unlock somebody.
    Dave Nickason [SBS MVP], Jan 19, 2006
  3. Steve Guest

    In addition, it seems like some user training is necessary, as it's pretty hard
    to enter name/password incorrectly 10 times without realizing that something
    is wrong and perhaps an administrator should be contacted.
    Steve, Jan 19, 2006
  4. /kj Guest

    If you really want to handle it using this approach, then install the admin
    tools on the user's XP SP1+ workstation and delegate the user the permissions
    to reset the account lockout.

    It can be done programmatically, and with .NET 2.0 a little easier. Someone
    with good scripting skills could do this for you, or perhaps already has.
    Check in the scripting newsgroups or "ScriptCenter".

    /kj, Jan 19, 2006
  5. Tammy Guest

    Thanks Dave! Our lockout is also set to 10 so this does rarely happen. I
    have the lockout set to reset after 30 mins but I think I will disable per
    your reasons below. Not sure why it was at 30 in the first
    place! Do want this more secure.

    Thank you again for your assistance with this and have a great weekend!
    Tammy, Jan 20, 2006
  6. Tammy Guest

    Thanks for your help and pointing out those admin tools to me. I've already
    downloaded them but for my use right now. :)
    Tammy, Jan 20, 2006
  7. /kj Guest

    Just to close the programmatically part of this thread. There is a very
    simple snippet of script to do this on ScriptCenter. Worked quite well on my
    dev/test domain.

    /kj, Jan 20, 2006
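
The delegate-and-script approach suggested in the thread, as an added example (not part of the thread and not the ScriptCenter script it mentions): an admin delegates write access to the `lockoutTime` attribute only, and the designated user clears it from a workstation without any admin-level account. The domain `CONTOSO`, the OU path, the group `UnlockOperators`, and the function name are assumed placeholders; it also assumes `dsacls` and PowerShell 2.0 or later are available.

```powershell
# --- One-time step, run by a domain admin (placeholder names) ---------------
# Grants read/write on lockoutTime only, inherited to user objects in the OU.
# No password-reset, group-membership, or logon-to-server rights are given.
#   dsacls "OU=MyUsers,DC=contoso,DC=local" /I:S /G "CONTOSO\UnlockOperators:RPWP;lockoutTime;user"

# --- Run by the delegated user from a domain-joined workstation -------------
function Unlock-DomainUser {
    param(
        [Parameter(Mandatory = $true)]
        # Restrict input to a conservative logon-name charset (an assumption
        # for this example) so it cannot alter the LDAP filter below.
        [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
        [string]$SamAccountName
    )

    # With no SearchRoot set, the searcher binds to the caller's own domain.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))"
    [void]$searcher.PropertiesToLoad.Add('lockoutTime')

    $result = $searcher.FindOne()
    if ($null -eq $result) { throw "No user '$SamAccountName' found." }

    # lockoutTime is a 64-bit FILETIME; absent or 0 means no lockout recorded.
    $lockout = [int64]0
    if ($result.Properties['lockouttime'].Count -gt 0) {
        $lockout = [int64]$result.Properties['lockouttime'][0]
    }
    if ($lockout -eq 0) {
        Write-Output "$SamAccountName has no lockout recorded; nothing changed."
        return
    }

    # Report when the lockout happened so its cause can be reviewed afterwards.
    $lockedAt = [DateTime]::FromFileTimeUtc($lockout)

    # Writing 0 to lockoutTime clears the lockout; this is the only write made.
    $entry = $result.GetDirectoryEntry()
    $entry.Properties['lockoutTime'].Value = 0
    $entry.CommitChanges()

    Write-Output "$SamAccountName unlocked (lockout recorded at $lockedAt UTC)."
}

# Example call (placeholder account name):
#   Unlock-DomainUser -SamAccountName jsmith
```

Because the delegation covers a single attribute, a failed `CommitChanges()` with an access-denied error on accounts outside the OU is the expected behaviour, not a fault.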
