Solved

How to lock a vpn/domain account after x number of tries on windows 2008

Posted on 2011-03-09
3
519 Views
Last Modified: 2012-05-11
We are using windows 2008 as a vpn server, using NPS (on the same box)  for defining the connection criteria (ie. time and day of access, timeouts, etc) and domain user accounts for authentication.

When logging on to a domain joined workstation (not via vpn) if the user fails the log in after x number of attempts the domain account is locked.  However, this does not happen on the (remote user) VPN connection.  Remote computers are not joined to the domain.  Is there a setting somewhere (that I don't see) that I can tell windows 2008 to lock the account after x number of tries?

The VPN / Terminal server box is 2008 sever standard.  Currently our DC is a W2K box.  Soon to be upgraded to 2008 but we are trying to get the VPN solution working now.  All clients right now are win XP.  Apparently since I am using NPS with specific AD groups (on the 2008 box), the "Dial-in" tab in for the user in AD computers and users does not affect the ability to connect.
0
Comment
Question by:PlazaProp
  • 2
3 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35086117
0
 
LVL 1

Accepted Solution

by:
PlazaProp earned 0 total points
ID: 35087841
Thanks for the tip but I found that I had "allow access" check in on the dial in tab instead "control access through remote access policy".  After I changed it the account was locking after x number of attempts as defined by GPO.  
0
 
LVL 1

Author Closing Comment

by:PlazaProp
ID: 35126374
fix own issue
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Need a script to force reset O365 Mailbox password after receiving an antispamalert email 2 28
Duplicate SPN records 4 19
Application Crash 2 23
Problem to setup GUI 11 33
A safe way to clean winsxs folder from your windows server 2008 R2 editions
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question