troubleshooting Question

Default Domain Policy GPO Account Polices being overridden by Domain Controller's Local Security Policy

Avatar of Drew McCurdy
Drew McCurdy asked on
Active DirectorySecurity
10 Comments1 Solution90 ViewsLast Modified:
The Default Domain Policy GPO specifies a value of 3 for the "Account Lockout Threshold", however, the value that is in effect is "5".  I've discovered that users are getting the effective value from the Domain Controllers' Local Security Policy (not to be confused with the Default Domain Controllers Policy GPO), which some people say is by design.  My first question is:  Is this how the system should be working? My second question is, if the answer to the first is "yes", what other settings/values in the Domain Controllers' Local Security Policy might be overriding my Default Domain Policy GPO?
Join our community to see this answer!
Unlock 1 Answer and 10 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 10 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros