Windows Account Lockout Policy, 2 problems.
A previous admin configured a policy to lock after 4 failed attempts and auto-unlock after 15 minutes. This drives us crazy because by the time the end-user calls us, the account has unlocked. Wasted their time, wasted our time. I want to remove auto-unlock and require an admin to unlock.
Default Domain Policy is blocked from inheritance on Computer OUs. Each computer OU has its own policy. I have modified all policies to reflect 10 failed attempts, 1440 minutes for the duration (had it set to 0, wasn't working so I thought I'd try the 1440), reset counter after 15 minutes (and I reviewed every policy in each OU to make sure there isn't a duplicate entry).
I did this on the default domain policy and all specific OUs.
I ran RSOP, and it reported what I expected to see (the policy I defined).
I have forced GP update.
I checked Local Security Policy, shows exactly what it should.
Accounts lock out after 4 failed attempts and they are still auto-unlocking.
Check event logs to try and determine the source, and it only shows events where an admin has unlocked an account.
ASKER
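
A read-only check of the lockout values the domain itself enforces for domain accounts, as opposed to what RSOP or Local Security Policy report on a single computer; this is an added example, not part of the original post. It assumes the ActiveDirectory and GroupPolicy RSAT modules are installed, and it uses the 10-attempt and 15-minute values from the post as the intended settings.

```powershell
# Added example: compare the lockout values the domain enforces with the intended ones.
# Read-only; needs the ActiveDirectory and GroupPolicy RSAT modules.
Import-Module ActiveDirectory, GroupPolicy

# Intended values taken from the post: 10 attempts, counter reset after 15 minutes.
$intendedThreshold = 10
$intendedWindow    = New-TimeSpan -Minutes 15

$domain = Get-ADDomain
# Query the PDC emulator directly so replication delay does not hide a recent change.
$policy = Get-ADDefaultDomainPasswordPolicy -Server $domain.PDCEmulator

[pscustomobject]@{
    Source            = $domain.PDCEmulator
    LockoutThreshold  = $policy.LockoutThreshold
    LockoutDuration   = $policy.LockoutDuration
    ObservationWindow = $policy.LockoutObservationWindow
    ThresholdMatches  = ($policy.LockoutThreshold -eq $intendedThreshold)
    WindowMatches     = ($policy.LockoutObservationWindow -eq $intendedWindow)
} | Format-List

# Fine-grained password policies (PSOs) override the domain values
# for the users or groups listed in AppliesTo.
Get-ADFineGrainedPasswordPolicy -Filter * -Server $domain.PDCEmulator |
    Select-Object Name, Precedence, LockoutThreshold, LockoutDuration,
                  LockoutObservationWindow, AppliesTo

# GPOs linked at the domain root. Among non-enforced links the lowest
# Order value has the highest precedence; enforced links take priority.
(Get-GPInheritance -Target $domain.DistinguishedName).GpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced
```

If `ThresholdMatches` is false here while the OU-linked policies show the new values, the setting that governs domain accounts has not changed, whatever the per-computer reports say.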