User to never be locked out

Posted on 2005-04-06
Last Modified: 2010-03-18
Running NT network with 3 domains, user policy is set to 3 tries and you are locked out.  I need to set one particular user to never be locked out, how can I do this without effecting everyone?  Thanks in advance.
Question by:apaddle
    LVL 95

    Expert Comment

    by:Lee W, MVP
    Don't think you can, if I remember correctly, password/account policies affect the entire domain... BUT, I could be wrong - check over the policies available for users in a Group Policy object in Active Directory (assuming this is a 2000 or 2003 domain - if NT4, I really don't think it's possible).
    LVL 18

    Expert Comment

    I remember that if you set the threshold to 0 disables the lockout policy.

    Author Comment

    Threshold?  Where would I locate this...the registry?  Where?
    LVL 4

    Expert Comment

    I guess Threshold is time of lock duration? It is controlled by the policy anyway.
    LVL 18

    Accepted Solution

    User Manager/Policies/Account/No account lockout. Use usrmgr.exe in the domain controller if I remember well.

    Author Comment

    Changing it in user manager/policies/account/no account lockout, changes it for everyone, I just want it for one person.  Thanks though.
    LVL 1

    Expert Comment

    Consider scheduling a .bat file that perpetually unlocks the account....

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
    The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now