troubleshooting Question

security loophole for GPO - account lockout

Avatar of snowdog_2112
snowdog_2112Flag for United States of America asked on
Active DirectoryWindows Server 2008
7 Comments1 Solution728 ViewsLast Modified:
Is it just me, or is "net accounts /lockoutthreshold:x" a way to circumvent security settings pushed by GPO.

Example - I can't edit the local security policy to change lockout settings, but I can run cmd as administrator and run the above command and set the lockout "higher" than the GPO - effectively making it *LESS* secure than the GPO.

Thoughts?
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 7 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 7 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros