Solved

windows 2008 domain gpo to prompt users for a security answer when account is blocked

Posted on 2011-09-16
3
349 Views
Last Modified: 2012-05-12
Hi:

      We loose so many time enabling blocked accounts for some users that we want to give them a possibility of reset their password on their own.

      Is there a GPO or something I can deploy  to prompt the users for a security question response when they block their account?


thanks in advance.
0
Comment
Question by:Guillermin-go
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 19

Assisted Solution

by:Miguel Angel Perez Muñoz
Miguel Angel Perez Muñoz earned 63 total points
ID: 36548081
I think that AD doesn´t permit this yet. I suggest to change lockout time to 5 minutes. At this manner, users only need to wait 5 minutes until retry login again.
0
 
LVL 3

Accepted Solution

by:
rog2054 earned 62 total points
ID: 36548595
Agreed. There is no way of doing this within Windows AD out of the box.

There are 3rd party addons which provide this functionality (and more). I did look into some a few years ago, however in the end we chose to manage without (due to costs etc).

Here is one such program to give you an idea of what is possible
http://www.manageengine.com/products/self-service-password/active-directory-password-reset-gina-credential-provider.html
0
 
LVL 3

Author Closing Comment

by:Guillermin-go
ID: 36558585
thanks for your advices.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question