windows 2008 domain gpo to prompt users for a security answer when account is blocked

Hi:

      We loose so many time enabling blocked accounts for some users that we want to give them a possibility of reset their password on their own.

      Is there a GPO or something I can deploy  to prompt the users for a security question response when they block their account?


thanks in advance.
LVL 3
Guillermo FeijóoSystems administratorAsked:
Who is Participating?
 
rog2054Connect With a Mentor Commented:
Agreed. There is no way of doing this within Windows AD out of the box.

There are 3rd party addons which provide this functionality (and more). I did look into some a few years ago, however in the end we chose to manage without (due to costs etc).

Here is one such program to give you an idea of what is possible
http://www.manageengine.com/products/self-service-password/active-directory-password-reset-gina-credential-provider.html
0
 
Miguel Angel Perez MuñozConnect With a Mentor Commented:
I think that AD doesn´t permit this yet. I suggest to change lockout time to 5 minutes. At this manner, users only need to wait 5 minutes until retry login again.
0
 
Guillermo FeijóoSystems administratorAuthor Commented:
thanks for your advices.
0
All Courses

From novice to tech pro — start learning today.