Account Lockout Policy

Discussion in 'Windows Small Business Server' started by Brandon, Feb 17, 2005.

  1. Brandon

    Brandon Guest

    I've applied an account lockout policy in the "Default Domain Policy" under
    Computer Configuration > Windows Settings > Security Settings > Account
    Lockout Policy. I've set it up where after 6 bad login attempts, the
    account is supposed to be locked out, but it's not working. The clients are
    XP Pro. Any ideas?
     
    Brandon, Feb 17, 2005
    #1
    1. Advertisements

  2. I don't recommend you alter the "Default Domain Policy". It should be left
    "pure" and "untouched". If you wreck the "Default Domain Policy" there is
    nothing to go back to. You should create a completely new GPO and link it
    to the OU(s) you want it to apply to,...it will overide the "Default Domain
    Policy".

    The GPO may not take effect until the workstations are rebooted. Also I
    believe (but could be wrong) with password policy it does not effect the
    current password, it effects the next password after this current one gets
    changed. You could "mass-select" the user accounts you want it to effect and
    set them to force a password change at next login. Be carefule,
    though,...you don't want the policy to effect "service accounts" and
    probably some administration accounts. If "service accounts" have their
    passwords expire then the services that operate from these accounts would
    stop working,..you could create a real disaster.

    I would recommend you move the Users you want the policy to effect into a
    distinct OU and then apply the Password Policy GPO to just that OU so that
    other "special" user accounts are not effected.

    Keep in mind that you can wreck a Domain extremely fast and throughly with
    GPO if you aren't careful, and if you did it with the "Default Domain
    Policy" then you are *really* screwed.
     
    Phillip Windell, Feb 17, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.