Password lockout

[Mark]

Hi all,
I currently have the policy on our domain to lock an
account after 3 unsuccessfull attempts. However I have a
number of accounts that I need to remove this from and
have the accounts never lock. Does anyone know if this is
possible?

Thank you

 

[Steven L Umbach]

That is not possible for a domain account. Your threshold is very low.
Microsoft recommends a minimum of ten which is plenty to stop password
attacks unless you are allowing very weak paswords. --- Steve

 

[MS Newsgroups]

Take a look at this

http://support.microsoft.com/default.aspx?scid=KB;EN-US;255550

Regards

Niclas Lindblom

 

[Brian Ledbetter]

Deny the "Apply Group Policy" permission to the selected accounts.

Brian

 

[Derek Melber [MVP]]

Mark,

That is a computer based setting, so it is configuring the DCs, not any user
account. There is no way to segregate specific users from this policy. The
only way to really get it to work the way you want is to create another
domain and move the users that need a different account policy setting to
the new domain. This is NOT suggested, I am only telling you the method to
get it done.