Applying a password policy to an Organisational Unit on Windows 2000 Server

Posted on 2005-04-10
Last Modified: 2010-04-14
Hi friends,

I've put one of my users into a new Organisational Unit on my Server using Active Directory. I then editied the Group Policy to change the Account Lockout setting to make 1 failed login attempt lockout the account for 30 minutes.

However, it doesn't work!

What could I be doing wrong?


Question by:LeeGolding
    LVL 35

    Expert Comment

    by:Nick Sui
    It won't work. Account Policies and Kerberos Policies are only applied from Default Domain Policy.
    LVL 35

    Accepted Solution

    For domain accounts, there can be only one account policy. The account policy must be defined in the Default Domain policy and is enforced by the domain controllers that make up the domain. A domain controller always obtains the account policy from the Default Domain Policy Group Policy object, even if there is a different account policy applied to the organizational unit that contains the domain controller. By default, workstations and servers joined to a domain (such as member computers) will also receive the same account policy for their local accounts. However, local account policies can be different from the domain account policy, such as when you define an account policy specifically for the local accounts.
    ***End Quote

    Ref: -


    Author Comment

    Ok. Thank you.

    LVL 35

    Expert Comment

    by:Nick Sui

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Suggested Solutions

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now