Password lockout for users

Troy

How do I make a domain user in AD locked out after say 3
failed attempts with a bad password?
 
You have to do it through Group Policy.

In Win2k this is what you can do. (maybe works on win2003 also)

If you know how to get to domain policies skip these steps
Open up AD Users and Computers.
Right click on either the Domain or the OU and select Properties. (Domain
will set the policy for all users)
Click on Domain Policy Tab
Click on Edit

In Group Policy Edit window
Drill down to Computer Configuration->Windows Settings->Security
Settings->Account Policies->Account Lockout Policy

After you set the settings and close out of the Policy MMC, refresh your
policy by typing

secedit /refreshpolicy machine_policy /enforce

at a command line

Dave
 
> You have to do it through Group Policy.
>
> In Win2k this is what you can do. (maybe works on win2003 also)
>
> If you know how to get to domain policies skip these steps
> Open up AD Users and Computers.
> Right click on either the Domain or the OU and select Properties. (Domain
> will set the policy for all users)

You _must_ set Account Lockout policy at the domain level if you want it
to affect domain accounts. Setting it anywhere else will have absolutely
no effect on domain accounts. Same with Password Policies.

> Click on Domain Policy Tab
> Click on Edit
>
> In Group Policy Edit window
> Drill down to Computer Configuration->Windows Settings->Security
> Settings->Account Policies->Account Lockout Policy
>
> After you set the settings and close out of the Policy MMC, refresh your
> policy by typing
>
> secedit /refreshpolicy machine_policy /enforce

This only works for Windows 2000. For XP and 2003 the command is
gpupdate /force.
 
In Domain Policy go to Computer configuration->Windows Settings->security
settings->Account policies->Account lockout policies.

Click on that. On right hand side there are three options.
Click on Account lockout threshold. Set the login
attempts after which the account will be locked out.

Thanks
PP
 
Others have told you how to do it, but I would not recommend a setting of three. MS
recommends no less than ten as long as you take other measures to use secure
passwords such as enabling complexity. Due to the way the authentication process
works and that there can be multiple authentication protocols, you may experience
lockouts after one bad attempt even with a threshold set at five or so. Read the
account lockout white paper at the link below for more details. --- Steve

http://www.microsoft.com/downloads/...90-a13b-4977-a4fc-3e2b67e3748e&displaylang=en
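
A way to check a policy against the advice in the last reply, as an added example that is not part of the thread: it reads the [System Access] section of a security template exported with `secedit /export /cfg` and flags a disabled or low lockout threshold and disabled complexity. The function names and the sample template are constructed for illustration.

```python
RECOMMENDED_MIN_THRESHOLD = 10  # the "no less than ten" figure from the thread


def system_access(template_text):
    """Return the numeric [System Access] settings of a security template."""
    values, section = {}, None
    for raw in template_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "System Access" and "=" in line:
            key, _, value = line.partition("=")
            try:
                values[key.strip()] = int(value.strip())
            except ValueError:
                pass  # string settings (e.g. renamed account names) are not needed
    return values


def audit_lockout(template_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg = system_access(template_text)
    threshold = cfg.get("LockoutBadCount", 0)
    findings = []
    if threshold == 0:
        findings.append("lockout disabled: LockoutBadCount is 0 or missing")
    elif threshold < RECOMMENDED_MIN_THRESHOLD:
        findings.append(f"threshold {threshold} is below {RECOMMENDED_MIN_THRESHOLD}")
    if cfg.get("PasswordComplexity", 0) != 1:
        findings.append("password complexity is not enabled")
    return findings


# Constructed sample template using the threshold of 3 from the question.
SAMPLE = """\
[System Access]
PasswordComplexity = 0
LockoutBadCount = 3
ResetLockoutCount = 30
LockoutDuration = 30
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    for finding in audit_lockout(SAMPLE):
        print(finding)
```

Decode the exported file to text before passing it in; secedit usually writes it as UTF-16.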
 