Lockout Policy

Rob G · Jun 18, 2004

Hello

If I were to set a policy on a local machine that locked a user
out after 2 unsuccessful logon attempts, then set a policy at the
domain level to lock out the same user account after 3 invalid attempts
would this user now have 5 invalid attempts before being locked out?
(if they were trying to log onto the domain with their domain accout)

Thanks

Guest · Jun 18, 2004

No, the domain policys always overwrite local policies
(assuming they are propagating properly, which is a
different problem). Local polices are applied first, then
Site, then domain, then OU.

In your case the user would have 3 chances to log in and
then be locked out.

use GPRESULT in 2003 or XP to see what happens on a
specific machine+login

Jeremy@gilbarco · Jun 18, 2004

No, the domain policys always overwrite local policies
(assuming they are propagating properly, which is a
different problem). Local polices are applied first, then
Site, then domain, then OU.

In your case the user would have 3 chances to log in and
then be locked out.

use GPRESULT in 2003 or XP to see what happens on a
specific machine+login

Roberto Ruiz · Jun 18, 2004

No, the domain policy will overide the local policy, so you users wil be
locked out after 3 attempts at any machine.
Hope this helps,
Robert

Roberto Ruiz
Brainbench MVP for WinNT Workstation
http://www.brainbench.com

Lockout Policy

Rob G

Guest

Jeremy@gilbarco

Roberto Ruiz