ctna
asked on
Windows Account Lockout Policy, not taking effect
Windows Account Lockout Policy, 2 problems.
A previous admin configured a policy to lock after 4 failed attempts and auto-unlock after 15 minutes. This drives us crazy because by the time the end-user calls us, the account has unlocked. Wasted their time, wasted our time. I want to remove auto-unlock and require an admin to unlock.
Default Domain Policy is blocked from inheritance on Computer OU's. Each computer OU has its own policy. I have modified all policies to reflect 10 failed attempts, 1440 minutes for the duration (had it set to 0, wasn't working so I thought I'd try the 1440), reset counter after 15 minutes (and I reviewed every policy in each OU to make sure there isn't a duplicate entry).
I did this on the default domain policy and all specific OU's.
I ran RSOP, and it reported what I expected to see (the policy I defined).
I have forced GP update.
I checked Local Securiy Policy, shows exactly what it should.
Accounts lockout after 4 failed attempts and they are still auto-unlocking.
Check event logs to try and determine the source, and it only shows events where an admin has unlocked an account.
A previous admin configured a policy to lock after 4 failed attempts and auto-unlock after 15 minutes. This drives us crazy because by the time the end-user calls us, the account has unlocked. Wasted their time, wasted our time. I want to remove auto-unlock and require an admin to unlock.
Default Domain Policy is blocked from inheritance on Computer OU's. Each computer OU has its own policy. I have modified all policies to reflect 10 failed attempts, 1440 minutes for the duration (had it set to 0, wasn't working so I thought I'd try the 1440), reset counter after 15 minutes (and I reviewed every policy in each OU to make sure there isn't a duplicate entry).
I did this on the default domain policy and all specific OU's.
I ran RSOP, and it reported what I expected to see (the policy I defined).
I have forced GP update.
I checked Local Securiy Policy, shows exactly what it should.
Accounts lockout after 4 failed attempts and they are still auto-unlocking.
Check event logs to try and determine the source, and it only shows events where an admin has unlocked an account.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER