+ Post New Thread
Results 1 to 5 of 5
Windows Server 2000/2003 Thread, Prevent Admin account lockouts in Technical; Hi there, Doing a project for a non-profit educational institution and we having an issue. Running on Server2003 SBS. Policy ...
  1. #1
    MordyT's Avatar
    Join Date
    Sep 2012
    Location
    In a computer
    Posts
    367
    Thank Post
    38
    Thanked 64 Times in 59 Posts
    Rep Power
    18

    Prevent Admin account lockouts

    Hi there,
    Doing a project for a non-profit educational institution and we having an issue.

    Running on Server2003 SBS. Policy is to lockout a account until manually unlocked after 5 failed attempts.

    There is a concern that a person will deliberately lock out all the admin accounts in the domain. Short of having a hidden account that we will be able to login with, is there a way to prevent admin accounts from being locked until unlocked?

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,390
    Thank Post
    797
    Thanked 1,587 Times in 1,390 Posts
    Blog Entries
    10
    Rep Power
    427
    Quote Originally Posted by MordyT View Post
    Hi there,
    Doing a project for a non-profit educational institution and we having an issue.

    Running on Server2003 SBS. Policy is to lockout a account until manually unlocked after 5 failed attempts.

    There is a concern that a person will deliberately lock out all the admin accounts in the domain. Short of having a hidden account that we will be able to login with, is there a way to prevent admin accounts from being locked until unlocked?
    The original administrator account doesn't lockout. You can set it to automatically unlock accounts after a period of time if you like.

  3. #3
    MordyT's Avatar
    Join Date
    Sep 2012
    Location
    In a computer
    Posts
    367
    Thank Post
    38
    Thanked 64 Times in 59 Posts
    Rep Power
    18
    Hi,
    we have the system set to auto-unlock accounts after 30 minutes.
    I guess we are looking for a way to be able to trigger a unlock, external of the network, on just admin accounts.

  4. #4
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    731
    Thank Post
    74
    Thanked 113 Times in 99 Posts
    Blog Entries
    8
    Rep Power
    27
    Short of having a scheduled task run dsmod to unlock an account every so often, I don't see how. 2000/2003 AD doesn't support multiple account/password policies; you can only do that with 2008.

  5. #5

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    Rename the admin accounts and remove any lockout policies on 2003 server. On 2008 you can specify different policies (as mentioned above).

SHARE:
+ Post New Thread

Similar Threads

  1. Admin Account Disabling certain elements
    By mmoseley in forum Network and Classroom Management
    Replies: 6
    Last Post: 20th March 2008, 01:28 AM
  2. Is my domain Admin account screwed?
    By HodgeHi in forum Mac
    Replies: 2
    Last Post: 9th January 2008, 03:38 PM
  3. USB Ports asking for Admin Account
    By Psymon in forum Windows
    Replies: 16
    Last Post: 14th October 2007, 10:49 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •