Doing a project for a non-profit educational institution and we having an issue.
Running on Server2003 SBS. Policy is to lockout a account until manually unlocked after 5 failed attempts.
There is a concern that a person will deliberately lock out all the admin accounts in the domain. Short of having a hidden account that we will be able to login with, is there a way to prevent admin accounts from being locked until unlocked?
we have the system set to auto-unlock accounts after 30 minutes.
I guess we are looking for a way to be able to trigger a unlock, external of the network, on just admin accounts.
Short of having a scheduled task run dsmod to unlock an account every so often, I don't see how. 2000/2003 AD doesn't support multiple account/password policies; you can only do that with 2008.
Rename the admin accounts and remove any lockout policies on 2003 server. On 2008 you can specify different policies (as mentioned above).
There are currently 1 users browsing this thread. (0 members and 1 guests)