Darksat IT Security Forums
September 21, 2019, 09:31:48 pm
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Darksat IT Security Forum
From Firewall Support, AntiVirus Questions, Spyware problems, Linux and Windows Security, Black Hat SEO right down to Website Design and Multimedia
 
  Home Help Search Gallery Links Staff List Login Register  

Can user account be locked out in case of access right violation?


Pages: [1]
  Print  
Author Topic: Can user account be locked out in case of access right violation?  (Read 1123 times)
mobi_khan
31337
***
Posts: 42


View Profile
« on: August 28, 2008, 04:34:04 am »

Hi,

Yesterday I posted a question whether the account lock out policy should be enabled or not in a domain environment. What I found that in enabling an account policy specially in domain environment any user can use this policy to launch a Denial of Service DoS attack by using a script and launch it for any particular user so that particular user will be lock out.

But this is not what I want. So what I want to ask is that is it possible that we can disable a user account if he does an access right violation on a particular folder in a domain environment.

I have implemented access right on our shared folder on the role basis with need to know and least privileges principle. I have also deployed GFI Event manager for monitoring in case of user try to take the ownership of that folder or a user tries to access an unauthorized folder. In any such event I got email alert about the user who tried to access that folder, his name, domain and folder name.

Ok but now what to do when a user has tried to access an unauthorized folder? Is there any way that I can configure on the DC setting such a policy that in case of any such event say user "Bob" tries three or four consecutive failure to that folder, the user account be locked out?
Report Spam   Logged

Geek81
N00b
*
Posts: 3


View Profile
« Reply #1 on: September 10, 2008, 04:28:21 am »

Hi.

If you want to protect folders from user changes, you can try to use Virtual Private Accounts.

From http://icoresoftware.com/:
iCore Computer 3-in-1 allows you to create multiple Virtual Private Accounts (VPAs).
Each VPA is user account that is associated with own isolated virtual machine.
All changes (documents files, software installation/uninstallation, even virus infections) remain contained in this VPA.
It's FREE.

Edit.
I just read your other messages and I think thank that iCore can help you, but you need other solutions.
« Last Edit: September 10, 2008, 05:05:22 am by Geek81 » Report Spam   Logged

Pages: [1]
  Print  
 
Jump to:  

Powered by EzPortal
eXTReMe Tracker
Security Forum
Bookmark this site! | Upgrade This Forum
SMF For Free - Create your own Forum


Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy
Page created in 0.016 seconds with 14 queries.