windows 2008 domain gpo to prompt users for a security answer when account is blocked

Hi:

      We loose so many time enabling blocked accounts for some users that we want to give them a possibility of reset their password on their own.

      Is there a GPO or something I can deploy  to prompt the users for a security question response when they block their account?


thanks in advance.
LVL 3
Guillermo FeijóoSystems administratorAsked:
Who is Participating?
 
rog2054Commented:
Agreed. There is no way of doing this within Windows AD out of the box.

There are 3rd party addons which provide this functionality (and more). I did look into some a few years ago, however in the end we chose to manage without (due to costs etc).

Here is one such program to give you an idea of what is possible
http://www.manageengine.com/products/self-service-password/active-directory-password-reset-gina-credential-provider.html
0
 
Miguel Angel Perez MuñozCommented:
I think that AD doesn´t permit this yet. I suggest to change lockout time to 5 minutes. At this manner, users only need to wait 5 minutes until retry login again.
0
 
Guillermo FeijóoSystems administratorAuthor Commented:
thanks for your advices.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.