Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

windows 2008 domain gpo to prompt users for a security answer when account is blocked

Posted on 2011-09-16
3
Medium Priority
?
355 Views
Last Modified: 2012-05-12
Hi:

      We loose so many time enabling blocked accounts for some users that we want to give them a possibility of reset their password on their own.

      Is there a GPO or something I can deploy  to prompt the users for a security question response when they block their account?


thanks in advance.
0
Comment
Question by:Guillermin-go
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 19

Assisted Solution

by:Miguel Angel Perez Muñoz
Miguel Angel Perez Muñoz earned 252 total points
ID: 36548081
I think that AD doesn´t permit this yet. I suggest to change lockout time to 5 minutes. At this manner, users only need to wait 5 minutes until retry login again.
0
 
LVL 3

Accepted Solution

by:
rog2054 earned 248 total points
ID: 36548595
Agreed. There is no way of doing this within Windows AD out of the box.

There are 3rd party addons which provide this functionality (and more). I did look into some a few years ago, however in the end we chose to manage without (due to costs etc).

Here is one such program to give you an idea of what is possible
http://www.manageengine.com/products/self-service-password/active-directory-password-reset-gina-credential-provider.html
0
 
LVL 3

Author Closing Comment

by:Guillermin-go
ID: 36558585
thanks for your advices.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question