Applying a password policy to an Organisational Unit on Windows 2000 Server

Hi friends,

I've put one of my users into a new Organisational Unit on my Server using Active Directory. I then editied the Group Policy to change the Account Lockout setting to make 1 failed login attempt lockout the account for 30 minutes.

However, it doesn't work!

What could I be doing wrong?

Thanks,

Lee.
LeeGoldingAsked:
Who is Participating?
 
Nirmal SharmaSolution ArchitectCommented:
***Quote***
For domain accounts, there can be only one account policy. The account policy must be defined in the Default Domain policy and is enforced by the domain controllers that make up the domain. A domain controller always obtains the account policy from the Default Domain Policy Group Policy object, even if there is a different account policy applied to the organizational unit that contains the domain controller. By default, workstations and servers joined to a domain (such as member computers) will also receive the same account policy for their local accounts. However, local account policies can be different from the domain account policy, such as when you define an account policy specifically for the local accounts.
***End Quote

Ref: - http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_sceacctpols.mspx

Thanks
0
 
Nirmal SharmaSolution ArchitectCommented:
It won't work. Account Policies and Kerberos Policies are only applied from Default Domain Policy.
0
 
LeeGoldingAuthor Commented:
Ok. Thank you.

Lee.
0
 
Nirmal SharmaSolution ArchitectCommented:
Welcome!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.