+ Post New Thread
Results 1 to 5 of 5
Windows Server 2000/2003 Thread, Prevent Admin account lockouts in Technical; Hi there, Doing a project for a non-profit educational institution and we having an issue. Running on Server2003 SBS. Policy ...
  1. #1
    MordyT's Avatar
    Join Date
    Sep 2012
    Location
    In a computer
    Posts
    463
    Thank Post
    44
    Thanked 73 Times in 68 Posts
    Rep Power
    19

    Prevent Admin account lockouts

    Hi there,
    Doing a project for a non-profit educational institution and we having an issue.

    Running on Server2003 SBS. Policy is to lockout a account until manually unlocked after 5 failed attempts.

    There is a concern that a person will deliberately lock out all the admin accounts in the domain. Short of having a hidden account that we will be able to login with, is there a way to prevent admin accounts from being locked until unlocked?

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,940
    Thank Post
    886
    Thanked 1,693 Times in 1,472 Posts
    Blog Entries
    12
    Rep Power
    447
    Quote Originally Posted by MordyT View Post
    Hi there,
    Doing a project for a non-profit educational institution and we having an issue.

    Running on Server2003 SBS. Policy is to lockout a account until manually unlocked after 5 failed attempts.

    There is a concern that a person will deliberately lock out all the admin accounts in the domain. Short of having a hidden account that we will be able to login with, is there a way to prevent admin accounts from being locked until unlocked?
    The original administrator account doesn't lockout. You can set it to automatically unlock accounts after a period of time if you like.

  3. #3
    MordyT's Avatar
    Join Date
    Sep 2012
    Location
    In a computer
    Posts
    463
    Thank Post
    44
    Thanked 73 Times in 68 Posts
    Rep Power
    19
    Hi,
    we have the system set to auto-unlock accounts after 30 minutes.
    I guess we are looking for a way to be able to trigger a unlock, external of the network, on just admin accounts.

  4. #4
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    798
    Thank Post
    82
    Thanked 131 Times in 114 Posts
    Blog Entries
    8
    Rep Power
    31
    Short of having a scheduled task run dsmod to unlock an account every so often, I don't see how. 2000/2003 AD doesn't support multiple account/password policies; you can only do that with 2008.

  5. #5

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Rename the admin accounts and remove any lockout policies on 2003 server. On 2008 you can specify different policies (as mentioned above).

SHARE:
+ Post New Thread

Similar Threads

  1. Admin Account Disabling certain elements
    By mmoseley in forum Network and Classroom Management
    Replies: 6
    Last Post: 20th March 2008, 01:28 AM
  2. Is my domain Admin account screwed?
    By HodgeHi in forum Mac
    Replies: 2
    Last Post: 9th January 2008, 03:38 PM
  3. USB Ports asking for Admin Account
    By Psymon in forum Windows
    Replies: 16
    Last Post: 14th October 2007, 10:49 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •