Skip to content

Bad password count not incremented when using an old password

October 26, 2014

This was a change introduced back with Windows Server 2003 known as Password history check (N-2), but it isn’t known by many.

Provided their accounts have password history enabled, when users try to log on, if they enter their previous password (or even the password prior to that), the badPwdCount will not be incremented, which is, in turn, used to track bad password attempts and causes the account to get locked out.

The goal of this change was to reduce the amount of account lockouts by users typing their previous password instead of the current password.

Mark

Advertisements

From → Uncategorized

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: