?
Solved

Windows Account lockout Policy

Posted on 2011-10-19
8
Medium Priority
?
870 Views
Last Modified: 2012-05-12

Reset account lockout counter after = How long (in minutes) it takes after a failed logon attempt before the counter tracking failed logons is reset to zero (range is 1 to 99,999 minutes).
A few special cases are:

Account lockout duration

 I am trying to understand the difference between
Reset account lockout counter after  AND Account lockout duration


Thanks
0
Comment
Question by:jskfan
  • 4
  • 4
8 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 36997750
So lets say you have passwords set to lock after 5 bad attempts.

I put in 3 bad passwords and get it on number 4.   Right now my account lockout counter is set to 3.   The Reset account lockout after setting sets how long until that counter is set back to 0

account lockout duration sets the number of minutes the account is locked out before becoming automatically unlocked

More on the settings here


http://technet.microsoft.com/en-us/library/cc784599(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc758659(WS.10).aspx

THanks

Mike

0
 

Author Comment

by:jskfan
ID: 36997785
in  your example you are saying the Lock out kicks in after 5 bad attempts.
you typed 3 wrong passwords then you typed the right password at the 4th attempt. at this stage the counter is set to 0.

This shoudld be the default, and I don't see that it will make sense if it was set up otherwise.


0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 2000 total points
ID: 36997789
no at that point the counter is still at 3; it will go back to 0 after the time you set in the policy.

Thanks

Mike
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:jskfan
ID: 36997809
in our case is 15 minutes.

I don't understand the purpose of this setting <<Reset account lockout counter after>>
If the setting didn't exist at all what would as a security breach.??
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 2000 total points
ID: 36997811
0
 

Author Comment

by:jskfan
ID: 36997931
I understand. it stores the number of your failed login attempts even after you succeded to login [as long as you didn't pass the threshold ]. and the number will be reset to 0 when the time of [Reset account lockout counter after] has expired.

It is just another Headache for the Administrators ..)

0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 2000 total points
ID: 36997942
I'd personally like to see self service PW reset features...without add-on products.
0
 

Author Closing Comment

by:jskfan
ID: 36998085
Thanks for your help
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question