Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1153
  • Last Modified:

How can I change number of password attempts?

I would have thought this would have been under "Change password policies" in SBS Console, but that only lets you change complexity, number of charachters and if it expires or not.

I couldn't see where I could change the policy on how many attempts each user gets before they are locked out.

SBS 2008 Standard Edition.

Thanks.

Bert
0
Bert2005
Asked:
Bert2005
  • 4
  • 4
1 Solution
 
AustinComputerLabsCommented:
I use group policy (GP).
In the GP edit:
Computer Configuration
Windows settings
Security settings
Account lockout policy
Account lockout threshold
0
 
Bert2005Author Commented:
Shoot. And, I was in the GP edit, but couldn't find it. Thanks. Worked perfectly.
0
 
Bert2005Author Commented:
Austin,

Do you know if I can override the timeout as the domain admin. I mean if my staff gets locked out, do we have to wait the 30 minutes, or can I unlock them from the server?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
AustinComputerLabsCommented:
Glad I could help.
Take care and thanks for the points.
0
 
AustinComputerLabsCommented:
Right above the Account lockout threshold is the Account lockout duration.
0
 
Bert2005Author Commented:
Thanks. Sorry to ask the question again.

From what I understood, there are three settings.

1. How many attempts
2. The duration as you state which is how long before you are no longer locked out
3. And, the reset, which is the amount of minutes before a wrong attempt is forgotten

I think I read that if the duration is set to zero, then the admin has to unlock it.

But, it didn't state if you could have both. I mean it's good in case a hacker is trying to get in to have it lock after so many attempts. And, then make the lockout duration long enough that it is difficult to just try over and over.

I guess I see a scenario where my receptionist locks herself out, and she has to wait 30 minutes before she can get into her computer. I am thinking there must be a way (without changing her password) to unlock her password as the admin. Maybe not.

Hopefully, that wasn't too confusing. :-)

Thanks again.
0
 
AustinComputerLabsCommented:
If I understand what you are asking:
You are OK with the GP settings working for unattended or hacking protection.
But when the client accidentily locks it out because of a forgotton password, you like to know how to override the wait time.
If this is the case, I have not tried it but in AD Users and Computers I believe you will be able to right click the client object and choose enable account during the lockout wait time to end the lockout manually.
I hope I understood correctly.
0
 
Bert2005Author Commented:
Yes, you understood correctly. And, your answer was perfect.

As an FYI, I did try it, and it worked. :-)

Thanks very much.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now