You're right! How could I forget... still I think he
could create a GPO at domain level, and in the properties
of that GPO, apply it only to that one OU containing the
user in question while NOT allowing it to be applied to
the other groups, ie EVERYONE.. Although MS recommends
you apply GPOs at OU level, you CAN selectively apply GPOs
from the domain level by controlling who/what the GPO
applies to.
-----Original Message-----
No, Password policy is set at the domain level and not
the OU level.
-----Original Message-----
Could he not create a new GPO which applies only to a new
OU with only the generic account in it, and apply the
more
liberal lockout policy only to that GPO?
-----Original Message-----
The only account that can not be locked out [at
least from keyboard],
is the administrator account. You can change your
account
lockout policy,
but then it wll apply to all users on the computer or
all
users in the
domain. If your account lockout setting is low, you may
want to raise it to
a higher number like ten. You may also want to
reconfigure lockout setting
as far as time before you can try logging in again. ---
Steve
message
Does anyone know how to set a user account up so that
it
can't be locked out? We have a generic account that
many
users log into and they are constantly locking it out.
Any ideas would be much appreciated.
Thanks
.
.
.