Windows Account Lockout Policy, 2 problems.
A previous admin configured a policy to lock after 4 failed attempts and auto-unlock after 15 minutes. This drives us crazy because by the time the end-user calls us, the account has unlocked. Wasted their time, wasted our time. I want to remove auto-unlock and require an admin to unlock.
Default Domain Policy is blocked from inheritance on Computer OU's. Each computer OU has its own policy. I have modified all policies to reflect 10 failed attempts, 1440 minutes for the duration (had it set to 0, wasn't working so I thought I'd try the 1440), reset counter after 15 minutes (and I reviewed every policy in each OU to make sure there isn't a duplicate entry).
I did this on the default domain policy and all specific OU's.
I ran RSOP, and it reported what I expected to see (the policy I defined).
I have forced GP update.
I checked Local Securiy Policy, shows exactly what it should.
Accounts lockout after 4 failed attempts and they are still auto-unlocking.
Check event logs to try and determine the source, and it only shows events where an admin has unlocked an account.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.