We are using Windows 2008 as a VPN server, using NPS (on the same box) for defining the connection criteria (i.e. time and day of access, timeouts, etc.) and domain user accounts for authentication.
When logging on to a domain-joined workstation (not via VPN), if the user fails the login after x number of attempts, the domain account is locked. However, this does not happen on the (remote user) VPN connection. Remote computers are not joined to the domain. Is there a setting somewhere (that I don't see) where I can tell Windows 2008 to lock the account after x number of tries?
The VPN / Terminal server box is 2008 Server Standard. Currently our DC is a W2K box. It is soon to be upgraded to 2008, but we are trying to get the VPN solution working now. All clients right now are Win XP. Apparently, since I am using NPS with specific AD groups (on the 2008 box), the "Dial-in" tab for the user in AD computers and users does not affect the ability to connect.