PC_Rob
asked on
Removing Domain Level Account Lockout Policy
For some reasons I won't go into, I have removed the account lockout from the Default Domain policy. I have done this by setting the account lockout threshold to "0" attempts. This setting HAS replicated to my second DC, and I can see it in all areas, and on both servers. Yet after 4 invalid login attempts by any user on the network, their account still locks out.
I have searched all over the net trying to find the cause, and can only find other people asking this same question, but with no answers. There must be a setting that is being missed that is still enforcing this policy.
Any help would be appreciated.
Regards,
Rob
I have searched all over the net trying to find the cause, and can only find other people asking this same question, but with no answers. There must be a setting that is being missed that is still enforcing this policy.
Any help would be appreciated.
Regards,
Rob
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It has been 3 days since the change has been made on the servers. One of the other servers I am testing with has been rebooted several times since then, and it still causes a lock out when I test it.
The server I am testing with is running Server 2000 and will not support RSoP. I did run it on my local XP workstation, and the policy is showing correctly, yet if I type my password in wrong 4 times for testing, it locks me out.
The server I am testing with is running Server 2000 and will not support RSoP. I did run it on my local XP workstation, and the policy is showing correctly, yet if I type my password in wrong 4 times for testing, it locks me out.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Ah, I take it back. Apparently Account Lockout policies can apply to OUs. I was thinking of Password Policies.
ASKER
Yes, it is actually on both the Domain controller policy and the domain security policy.
It is also on the default domain policy in AD.
Still locking out.
Thanks
It is also on the default domain policy in AD.
Still locking out.
Thanks
ASKER
I re-verified everything, and my accounts are still locking out when I test them. The policy is in place properly.
Any more ideas?
Thanks,
Rob
Any more ideas?
Thanks,
Rob
ASKER
I still never resolved this problem, but I got around it for now.
Thanks for the input.
Rob
Thanks for the input.
Rob
I am having the same issue. I have opened a thread on expert exchange also. The title is Account lockout policy is still being enforced after policy is removed. I didn't know if anyone on this thread found anything out.
Thanks
Thanks
I am having same issue. There is NO policy enabled anywhere and I have run gpupdate /force to update. I have confirmed replication is fine between domain controllers. Still users are locked out after three attempts.
Seems to be an epidemic... I too have this issue.
ASKER