Seven day ago I implemented an account lockout policy which was
Account Lockout duration 0 mins
Account Lockout threshold 5
Reset account lockout counter after 60 mins
I put this in as part of my default domain policy. Two days later I decided I no longer wanted tohe policy and changed the settings to:
Account Lockout duration: not defined
Account Lockout threshold: 0
Reset account lockout counter after: not defined
That was five days ago and I am still having accounts get randomly locked out. The policy has replicated through my domain.
As soon as an account gets locked out I check both the local security policy on the desktop or server from which they were ltrying to authenticate to see if the old account lockout setting are still being cached. It doesn't appear that they are. When I check they are:
Account Lockout duration not defined
Account Lockout threshold 0
Reset account lockout counter after not defined
I'm assuming the old account lockout policy is still being cached somewhere, but I can't find it.
Is there a way to see what the applied account lockout policy is on a computer/server. Appaernetly the applied account lockout policy must be different that what is showing on the local user desktop/server local security policy.
Does anyone have any suggestion as to where I should look to see where it is caching the information?