Lockout domain account when disconnected?

[Guest]

We have users with laptops that often use standby when disconnected from the
network/domain. We use a screen saver/workstation locking policy and have a
GPO for account lockouts, but how do you limit login attempts when
disconnected from the domain? If we limit to 3 attempts on the domain, is
there a way to set a similar policy so unlimited brute force attempts to
unlock the domain account with the cached password won't work?

 

[Guest]

Along those lines ......

Mobile users who are not always connected to the domain. If a computer
downloads the GPO that limits login attempts to 5 and then renables the
account after 30 minutes, will the GPO get enforced when the user is not
connected to the domain? In other words will it work as expected connected or
disconnected from the domain once the GPO settings are applied?