How to lock Windows account (reset login cache)?

P

post_ed2019-08-23 12:51:16

Active Directory

post_ed, 2019-08-23 12:51:16

Situation:
1. blocking the user account:

dsmod user "CN=Иванов Иван Иванович,OU=DepDirectors,OU=Contoso,DC=Contoso,DC=lan" -disabled yes

2. kick the user out of the system:

start psexec64.exe -accepteula \\WSIVANOV -i -s %windir%\system32\rundll32.exe user32.dll,LockWorkStation

after that the user can still log in! but only the first time!
the second time the system will already write to him that the account is blocked.
How to make it so that the user can not log in even 1 time after the account is locked? (maybe credentials are cached somehow?)

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

N

Nikita Kolesnikov, 2019-08-23
@NikitOS_MV

This is?

J

John_Nash, 2019-08-23
@John_Nash

gpupdate

S

Subarist248, 2019-08-23
@Subarist248

Oh gods.... Well, block the user in OU, make him a logof, make gpupdate on AD (just in case, although this is not necessary in this scenario) and that's it, man))) And how you do it is some kind of rubbish .....