Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

need to set policy on account so it does not lock out........

Posted on 2006-11-15
7
Medium Priority
?
365 Views
Last Modified: 2010-04-18
Ok im hoping someone can help with this one,
We currently are running a 2003 ad, with several sites managed by local it staff.
our default domain controller policy locks out user accounts after 3 invalid passwords to meet SOX requirements.
I current issue is that some of our sites have alot of usere that use the same account, to logon and do generic tasks. The account is locked down to be verry restricted on what the user can do.
But because so many people are using the one account, issues such as some one fat fingering the password or having the caps lock on causes the account to lock out after 3 invalid attempts thus locking out any one who uses the account.
I need a way set no lockout on this one account, but i dont see any options to do this in AD. Is there a way or is there some 3rd party software that would alow me to make this change so the user ID does not lock EVER?
Thanks
0
Comment
Question by:prelude812
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
7 Comments
 
LVL 2

Expert Comment

by:sscuser
ID: 17949269
Probably the best solution is to create a seperate OU for those users, create a GP object that does not have lockouts, and apply it to that OU...

So, have the setting undefined on your default policy...create two OU's, one for normal users and one for the non-lockout users, and define the lockout within the OU specific GP's...or just remove the lockout policy altogether.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17951448
You can have only one password polic per domain. No work arounds (unless you go third party app) but as far as AD is concerned its one and thats it
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 2000 total points
ID: 17952086
The only way to do this without 3rd party applications (which I don't know of any off the top) is to put that user account in it's own domain.  By default, the Domain is a Security Boundary - which reinforces Jay's statement that you can only have one Account Policy in the domain that cannot be blocked or overridden.

Contrary to what others on this site have determined, it's not possible.  Placing policies on OUs only affects LOCAL logons to the workstation - NOT domain logons.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 18385462
I think the answer was provided.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question