|
MCSE Certification Boot Camp
New Features in the Windows Server 2003 Family
In the Windows Server 2003 family of operating
systems, Microsoft has improved the function of the
Account Lockout feature on both servers and client
computers.
Computers Running Windows Server 2003 That Act As
Network Servers
To improve the experience for users and to decrease
the overall total cost of ownership, Microsoft made
the following changes to the behavior of domain
controllers in the Windows Server 2003 family:
| • |
Password history check
(N-2): Before a Windows Server 2003
operating system increments badPwdCount,
it checks the invalid password against the
password history. If the password is the
same as one of the last two entries that are
in the password history, badPwdCount
is not incremented for both NTLM and the
Kerberos protocol. This change to domain
controllers should reduce the number of
lockouts that occur because of user error. |
| • |
Single user object on
demand replication: See the "Urgent
Replication" section in this document for
more information. |
| • |
Optimized replication
frequency: The default frequency for
replication between sites is to replicate
every 15 minutes with a 3-second offset to
stagger the replication interval. This
optimization improves the replication of a
password change in a site because it
decreases the chances that the domain
controller would have to contact the PDC
operations master. |
Computers Running Windows Server 2003 Family Acting
As Network Clients
Microsoft has added the following features in the
Windows Server 2003 family to gather the process ID
that is using the credentials that fail
authentication:
| • |
Auditing logon changes:
There are entries for all logon and logoff
events (528 and 540, as well as 529 through
539). |
| • |
Auditing of processes
encountering authentication failures: New
information is added to the Security event
log when authentication failures occur:
|
• |
Caller User
Name |
|
• |
Caller Domain |
|
• |
Caller Logon ID |
|
• |
Caller Process
ID |
|
Microsoft has added the following administrative
enhancements to provide more account lockout
information than the information that is available
in the default configuration of the Windows
Server 2003 family:
| • |
AcctInfo.dll: The
AcctInfo.dll file is a property page
extension for user objects in the Active
Directory Users and Computers MMC that
provides detailed information about user
password attributes. An administrator can
use the AcctInfo.dll file to reset user
account passwords on a domain controller
that is in the user's Active Directory site. |
| • |
LockoutStatus.exe: The
LockoutStatus.exe tool displays bad password
count and time information from all of the
domain controllers that are in a domain. You
can run this tool as either a stand-alone
tool or as an extension to the AcctInfo.dll
file when you place it in the Systemroot\System32
folder on your computer. |
|
Payless
MCSE Boot camp offers Payless MCSE boot camp, MCSE training boot
camp, MCSE certification boot camp, MCSE Cisco Boot camp, MCSE
Certification training boot camp. MCSE Training certification boot
camp, MCSE Boot Training Camp, MCSE boot certification camp, MCSE UK
Boot camp, MCSE san Mateo Boot camp, MCSE Japan boot camp, MCSE USA
Boot camp, MCSE Europe Boot camp, MCSE guaranteed boot camp.
- Do you want to
become Real MCSE, CCNA or CCNP certified?
- Do you want to
Payless for certification?
- Do you want to
finish in 2/3 weeks?
MCSA :
MCSE :
MCSE +
Security :
CCNA
: CCNP
:
Bootcamp :
MCSE training :
Vibrant MCSE :
Vibrant CCNA
: Vibrant
CCNP
: camp :
Home :
links :
Resources :
Ref1 :
Ref2
|
Note: 
