Our kids think it's hilarious to repeatedly attempt to log onto another kids account till it gets locked out. Now, i'm assuming this is a problem at other schools also, and i'm wondering what strategies others might have used to deal with this, as along with resetting passwords, it's a huge time drain.
Anyone car to share?
We just changed the lockout policy for our Student domain so that didn't happen.
Make the number of failures a bit higher but not too high.
Also remove the username from the logon box so that they have more to type and can't just press enter to their hears content.
we clear last user at logon through GP, but in general it's done with malicious intent. I've thought about upping the number of failures a bit but they'll just sit and hit enter a few more times and we're back to square one...
it's a toughy
When you catch them, send them through the school's punishment system for misuse of the networked computers.
This has to be treated like vandalism. Which is another crime that can't be detected unless you use video cameras and such.
Also check logs if the same student is on computers near or logins after on computers where lockouts happen it may point to the culprit.
.a
Yeah it's almost impossible to detect the culprit. Only ever caught one herbert, and that was only after following a lead (namely that he boasted repeatedly to his victim)
I think there's nothing for it. The computer should be rigged to trigger the release of an electric shock upon lock-out
That'll learn 'em 8O
I'd turn off account lockout. You can always look at ways of recording failed login attempts centrally if you're worried about serious hacking attempts.
What happens when they start locking out staff accounts? Or your Head's account? No thanks!
@NetworkGeezer
I have considered supplementing the Axis cameras with Nerf sentryguns.
@sahmeepee
A good proportion of our users have passwords like "rabbit". It takes ~1 minute to unlock an account and up to 15 mins to restore deleted files from tapes. Assuming the user has noticed, and thus the tape isn't offsite.
a) They're not _that_ stupid.What happens when they start locking out staff accounts? Or your Head's account? No thanks!
b) I'd rather they locked out a staff member than discovered the crap passwords some of our staff use.
c) If they did the larting process would be speeded up / supported, so it's a win-win.
Pete (who works with Ken)
We're getting the same problem
usernames are hidden, and lockout set to 5 invalid attempts (locks them out for 5 mins then resets the lock - i would have it longer but teachers decied to go over my head on the matter - as per usual!)
Did have "Password must meet complexity requirements" enabled but again teachers moaned too much about it.
So now im back to simple passwords, a lockout of 5 mins after 5 failures, and accounts being deliberately locked out again.
Not gonna enable "account cannot be locked" setting cos of malicious file deletion when i started.
I guess you do what works with your network or, more to the point, with your users. For us it's not such a big problem, so we don't enforce a policy. With volume shadow copy /previous versions restoring deleted files is pretty easy.Originally Posted by pete
I think 5 in 5 minutes is a good level to choose though: the time has to be short enough that it's not worth sending the pupil to the techies to get unlocked!
This isnt somthing we have run into but i think sahmapee is right. You have to make waiting for the time out to expire less of an inconvenience than asking for a manual reset. Introduce some 'identity checks' before resetting a password, the kind that take 10 minutes to complete.
If you want to use a big stick, enable Auditing of failed Account Logon events, this will give you a machine name so that it you're quick enough or have cctv, you can catch those responsible.
What about giving them usernames which cannot easily be guessed?
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote