Windows Thread, Stopping an Account locking out in Technical; Challenge unless im being exceptionaly dumb!!!
I have a windows 2003 network with normal password etc an account lockout rule ...
21st October 2008, 07:47 PM #1
Stopping an Account locking out
Challenge unless im being exceptionaly dumb!!!
I have a windows 2003 network with normal password etc an account lockout rule of 5 mispellings and its locked for 30 mins.
We have recently got rid of our "adminstrator" account and replaced with anaother account however this keeps locking out as it giot a nice complicated password, does anyone know how to stop this with out removing the lockout policy.
Ta very muchly
21st October 2008, 08:02 PM #2
How have you got the lockout policy set through group policy? Is it on the default domain or default domain controller policy?
What about putting it on the the OU where you user accounts are and put the accounts you don't want to apply the policy to in a seperate OU?
21st October 2008, 08:12 PM #3
If you put the accounts you don't want this rule to apply to in a seperate OU, and block policy inheritance, that will do the trick. That's what we do for service accounts and the like that we don't want our normal policies to apply to.
21st October 2008, 08:52 PM #4
I thought you could have only password rule for the whole domain? Or is that just the password complexity policy?
Ill try the diffrent group policys tomorrow then we had kept it the "users" ou so it didnt get to many gp's just incase they caused an issue in the future
My 2003 admins course seems such a long time ago....
22nd October 2008, 01:05 PM #5
You might also want to revisit the lockout policy - there's some evidence that the default 5/30 is not very helpful. If someone is trying an automated hacking tool then they're likely to make hundreds of attempts and (unless you have very weak passwords) they won't get in with just 5 attempts.
You could also try changing your complex password to a complex phrase - this can be long, with punctuation marks and numbers but easier (perhaps!) to remember and type :-)
22nd October 2008, 08:30 PM #6
We had to increase the normal 5 logons failure upwards, as our students kept holding down the enter key at the logon screen, and this would block the previous user.
I think it's upto 15 attempts in 15 minutes, which seemed to stop this, especially as the caching applies to 3 logons, so after three attempts our logon box "thinks" before checking.
23rd October 2008, 08:45 AM #7
Could you not go into secpol.msc > Local Policies > Security Options > Do not display last username Enable?
Originally Posted by User3204
Last Post: 4th June 2011, 03:14 PM
By WithoutMotive in forum How do you do....it?
Last Post: 15th September 2008, 12:26 PM
By mac_shinobi in forum Mac
Last Post: 23rd January 2008, 07:16 PM
Last Post: 26th September 2006, 08:51 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)