Posted

Challenge unless I'm being exceptionally dumb!!!

 

I have a Windows 2003 network with normal password etc. and an account lockout rule of 5 misspellings, and it's locked for 30 mins.

 

We have recently got rid of our "administrator" account and replaced it with another account; however, this keeps locking out as it got a nice complicated password. Does anyone know how to stop this without removing the lockout policy?

 

Ta very muchly

Posted

How have you got the lockout policy set through group policy? Is it on the default domain or default domain controller policy?

 

What about putting it on the OU where your user accounts are and putting the accounts you don't want to apply the policy to in a separate OU?

Posted

If you put the accounts you don't want this rule to apply to in a separate OU, and block policy inheritance, that will do the trick. That's what we do for service accounts and the like that we don't want our normal policies to apply to.

 

Mike.

Posted

I thought you could have only one password rule for the whole domain? Or is that just the password complexity policy?

 

I'll try the different group policies tomorrow then. We had kept it in the "users" OU so it didn't get too many GPs, just in case they caused an issue in the future.

 

My 2003 admins course seems such a long time ago....

Posted

You might also want to revisit the lockout policy - there's some evidence that the default 5/30 is not very helpful. If someone is trying an automated hacking tool then they're likely to make hundreds of attempts and (unless you have very weak passwords) they won't get in with just 5 attempts.

 

You could also try changing your complex password to a complex phrase - this can be long, with punctuation marks and numbers but easier (perhaps!) to remember and type :-)

Posted

We had to increase the normal 5 logons failure upwards, as our students kept holding down the enter key at the logon screen, and this would block the previous user.

 

I think it's up to 15 attempts in 15 minutes, which seemed to stop this, especially as the caching applies to 3 logons, so after three attempts our logon box "thinks" before checking.

Posted
We had to increase the normal 5 logons failure upwards, as our students kept holding down the enter key at the logon screen, and this would block the previous user.

 

 

Could you not go into secpol.msc > Local Policies > Security Options > Do not display last username Enable?
