Windows Account Lockout Policy, not taking effect
Windows Account Lockout Policy, 2 problems.
A previous admin configured a policy to lock after 4 failed attempts and auto-unlock after 15 minutes. This drives us crazy because by the time the end-user calls us, the account has unlocked. Wasted their time, wasted our time. I want to remove auto-unlock and require an admin to unlock.
Default Domain Policy is blocked from inheritance on Computer OU's. Each computer OU has its own policy. I have modified all policies to reflect 10 failed attempts, 1440 minutes for the duration (had it set to 0, wasn't working so I thought I'd try the 1440), reset counter after 15 minutes (and I reviewed every policy in each OU to make sure there isn't a duplicate entry).
I did this on the default domain policy and all specific OU's.
I ran RSOP, and it reported what I expected to see (the policy I defined).
I have forced GP update.
I checked Local Securiy Policy, shows exactly what it should.
Accounts lockout after 4 failed attempts and they are still auto-unlocking.
Check event logs to try and determine the source, and it only shows events where an admin has unlocked an account.
A previous admin configured a policy to lock after 4 failed attempts and auto-unlock after 15 minutes. This drives us crazy because by the time the end-user calls us, the account has unlocked. Wasted their time, wasted our time. I want to remove auto-unlock and require an admin to unlock.
Default Domain Policy is blocked from inheritance on Computer OU's. Each computer OU has its own policy. I have modified all policies to reflect 10 failed attempts, 1440 minutes for the duration (had it set to 0, wasn't working so I thought I'd try the 1440), reset counter after 15 minutes (and I reviewed every policy in each OU to make sure there isn't a duplicate entry).
I did this on the default domain policy and all specific OU's.
I ran RSOP, and it reported what I expected to see (the policy I defined).
I have forced GP update.
I checked Local Securiy Policy, shows exactly what it should.
Accounts lockout after 4 failed attempts and they are still auto-unlocking.
Check event logs to try and determine the source, and it only shows events where an admin has unlocked an account.
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Windows OS
This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.
129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER