When away from desk account gets locked

[ade]

Hello all,

Win2k server/pro, Outlook2k3

We have just implemented an account lockout policy. A users NT account is
locked after 3 invalid atempts for 30 mins. Two times since then, when a
laptop user has been away from the desk at lunch, they have returned to
their desk and found the account to be locked, even though no one has
accessed their machine. Would you happen to know why this would happen?
Any help much appreciated.

 

[Cary Shultz [A.D. MVP]]

Ade,

Just a general tip: you do not necessarily want to go with three bad
attempts before lock out. You might want to consider something like seven
or eight or maybe even 10 bad attempts before lock out. The whole point
behind this is to stop the hacker who is trying to brute force this. Shoot,
it might take two or three tries before the user thinks to check to see if
'Caps Lock' is on.......

Now, is that laptop user logged on someplace else as well ( er, with the old
password ).

You might want to consider looking at the ALTools from the MS web site.
There are several really neat tools that are a part of this package.

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com

 

[Brandon McCombs]

Hello all,

Win2k server/pro, Outlook2k3

We have just implemented an account lockout policy. A users NT account is
locked after 3 invalid atempts for 30 mins. Two times since then, when a
laptop user has been away from the desk at lunch, they have returned to
their desk and found the account to be locked, even though no one has
accessed their machine. Would you happen to know why this would happen?
Any help much appreciated.

Check to see if the user has any mapped drivings and a recently changed
password where the mapped drive is still using the old password and causing
the lockout.