XP users can unlock screen after account lockout

Solution 1:

It's by design and looks rather logical. If a user's account is locked out on the domain controller, that user cannot log in with the domain account anymore.

But on the locked workstation, all authorization (since there are no attempts to access any resource, e.g. a file share, that would require a fresh domain credential check) is performed by the local security system, because the local system trusts such users (already checked and authorized by AD).

So for this unlocked workstation's security system, such users are still legitimate, but they are not able to use any resource that requires domain authentication (printer/network drive), because the account is already locked out.

Solution 2:

Restricting cached credentials in Windows:

To force the workstation to consult a domain controller when unlocking, set the Computer Configuration, Windows Settings, Local Policies, Security Options control "Interactive logon: Require Domain Controller authentication to unlock workstation" to Enabled.
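As an added example (not part of the original answer), the following PowerShell audits and enforces the two Winlogon settings behind the policies above on the local machine. The registry value names are the documented backing values for these policies; the function names (Get-UnlockPolicy, Set-UnlockPolicy, Test-UnlockPolicy) are assumptions made for this example. Run it from an elevated prompt.

```powershell
# Added example (not from the original answer): audit and enforce the local
# Winlogon settings that back the policies discussed above.
#   Interactive logon: Require Domain Controller authentication to unlock workstation
#       -> ForceUnlockLogon  (REG_DWORD, 1 = Enabled, 0/absent = Disabled)
#   Interactive logon: Number of previous logons to cache
#       -> CachedLogonsCount (REG_SZ, 0-50, default "10"; "0" disables cached logons)
# On a domain member a GPO that sets these policies overwrites whatever is
# written here at the next policy refresh, so use this on standalone/test
# machines or to verify what a GPO actually applied.

$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-UnlockPolicy {
    $key = Get-ItemProperty -Path $WinlogonKey
    [pscustomobject]@{
        ForceUnlockLogon  = if ($null -ne $key.ForceUnlockLogon) { [int]$key.ForceUnlockLogon } else { 0 }
        CachedLogonsCount = if ($null -ne $key.CachedLogonsCount) { [int]$key.CachedLogonsCount } else { 10 }
    }
}

function Set-UnlockPolicy {
    param(
        [switch]$RequireDomainController,
        [ValidateRange(0, 50)][int]$CachedLogons = 10
    )
    $force = if ($RequireDomainController) { 1 } else { 0 }
    Set-ItemProperty -Path $WinlogonKey -Name ForceUnlockLogon -Value $force -Type DWord
    # CachedLogonsCount is stored as a string even though it holds a number
    Set-ItemProperty -Path $WinlogonKey -Name CachedLogonsCount -Value ([string]$CachedLogons) -Type String
}

function Test-UnlockPolicy {
    # Returns $true only if unlock is validated against a domain controller.
    $p = Get-UnlockPolicy
    $ok = $true
    if ($p.ForceUnlockLogon -ne 1) {
        Write-Warning 'Unlock is validated locally from cached credentials; a locked-out domain account can still unlock this workstation.'
        $ok = $false
    }
    if ($p.CachedLogonsCount -gt 0) {
        Write-Warning ("{0} domain logon(s) are cached; initial logon does not require a reachable DC." -f $p.CachedLogonsCount)
    }
    return $ok
}

# Weak (default) state: unlock never talks to a DC.
Get-UnlockPolicy

# Hardened: every unlock is authenticated by a DC. Cached logons are kept so a
# laptop can still log on offline; set -CachedLogons 0 only on machines that
# always have a DC reachable.
Set-UnlockPolicy -RequireDomainController -CachedLogons 10
Test-UnlockPolicy
```

The caveat that comes with the hardened setting: once ForceUnlockLogon is 1, unlocking fails whenever no domain controller can be reached, so a laptop locked on a plane stays locked until it is back on the network (the user must log off and log on with a cached logon instead). To confirm the effective policy after a GPO refresh, export the local security database with `secedit /export /cfg C:\sec.cfg` and look for the `...\Winlogon\ForceUnlockLogon=4,1` line.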

Solution 3:

Doesn't that just mean the local account lockout policy needs to be changed?

Local Security Policy App

(I can't post comments now. OK, thanks, I'll read them. Shall I delete this one, o ye noob stompers?)

Seriously, upon reflection, I think this post was voted down as being too simple, and Sergey's was voted down for not being clear.