Set up account lockout (for a newbie)
Posted on 2009-12-24
Good morning experts,
We're trying to set up account lockouts on our domain controller, which is running Win2003 Small Business Server. There are two groups of users (OUs?) that require different policies. It's unclear at this time whether we'll be able to segment additional groups (at least 1 more is coming soon) to different machines, or if all will need to be domain groups. Therefore I think the thing to ask is for help with domain groups, and if you want to comment on the differences between domain and local groups that would be great.
I've set the duration, threshold and reset in the Default Domain Security Settings and Default Domain Controller Security Settings, with no apparent effect on members of the "Users" or "SBS Users" groups.
I've spent several hours on this and read many things already, to no avail. That may be due at least in part to what the things I've read assume I already know...which is very little, so please write your instructions for a complete newbie to these matters. As an example, I had to look up the terms "GPO" and "OU" when I started this. Don't tell me to "link the GPO to the user OU", please tell me how!