lock out local admin account

  • Thread starter Thread starter Ed
  • Start date Start date
E

Ed

We use AD and are looking through the GPO policies for a
setting that will allow the local administrator account to
be locked out after a set number of unsuccessfull attemps
but could not find it. Does anyone know where I can find
this setting in the GPO policies or is this setting found
elsewere?

Thanks
 
Hello, Laura also MVP, you may know of her, told me the built-in
administrator account can be locked out in Windows Server 2003.

--
Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was help full, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1
 
Hi Chris.

In a default installation, the built in administrator account can not be
locked out. There is a Resource Kit tool called passprop that has the option
to lockout the built in administrator account, but only to network logons.
It will not prevent interactive console logon - at least for domain
controllers for the built in domain administrator account and the local
console for local built in administrator account on non domain controllers.
Windows XP and 2003 allows the administrator account to be disabled, but it
can be accessed by booting into Safe Mode which of course requires physical
access to the computer. I found a link to download passprop for anyone who
want s to try it. --- Steve


http://www.jsiinc.com/SUBE/tip2000/rh2077.htm
http://www.petri.co.il/download_free_reskit_tools.htm
 
Correct. The account can be locked out over the network, however not for
console (Interactive) access. I think the original poster is attempting to
achieve interactive lockout.

--
--
Brian Desmond
Windows Server MVP
(e-mail address removed)12.il.us

Http://www.briandesmond.com
 
Back
Top