Re: account lockout policy issues...
From: Dave Nickason [SBS MVP] (gwdibble_at_NOSPAM.frontiernet.net)
Date: 07/13/04
- Next message: anonymous_at_discussions.microsoft.com: "Re: PCAnywhere on a SBS Client though ISA."
- Previous message: Chris G.: "Email mailbox access w/o domain access"
- In reply to: Brad Pears: "account lockout policy issues..."
- Next in thread: Brad Pears: "Re: account lockout policy issues..."
- Reply: Brad Pears: "Re: account lockout policy issues..."
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 13 Jul 2004 12:21:04 -0400
The only place you don't mention checking is the local security policy on
the workstations. When you set a domain policy, it gets applied to the
workstations. Then when you remove the domain policy, I'm not sure what's
supposed to happen, but it's possible the workstations are still applying
the old policy even though you've removed it from the domain security
policy. If that's the case, you should be able to just remove or alter the
policy in the local security policies on each workstation.
Another option might be to set a domain policy with a threshhold of 10 - if
that gets applied correctly, it should solve your problem. Or, post a
question in the win2k server group (since unfortunately none of us SBS'ers
seems to have a workable solution).
You don't happen to have a free PSS call available by any chance? If I had
users getting locked out frequently over a period of days, I'd have to make
the phone call even if I had to pay for it, to keep the users from stoning
me.
"Brad Pears" <donotreply@notreal.com> wrote in message
news:e61YpCDaEHA.2408@tk2msftngp13.phx.gbl...
> We have a Windows 2000 Small Business Server and a member Windows 2000
> server we are running terminal services in admin mode on.
>
> For some reason, we are getting account lockout issues. There is no
> account
> lockout "domain security policy" configured on the SBS server nor is there
> an account lockout configured under "domain controller security policy".
> Also there also isn't an account lockout "local" policy configured on the
> Win2K Terminal Server. So, to the best of my knowledge, there isn't ANY
> account lockout policy configured anywhere, yet we are getting a lockout
> after 3 invalid atempts which is way too low of a value and is causing
> issues.
>
> We do have a Group Policy(GP) configured on the terminal server OU
> (organization unit) listed under "active directory users and groups" and a
> GP defined on the lighlevel domain (ourdomain.local) but NEITHER of these
> have account lockout configured!
>
> So, my question is, where the heck is the account lockout coming from?
> Could
> there be a registry setting that did not get changed?
>
> Thanks,
>
> Brad
>
>
- Next message: anonymous_at_discussions.microsoft.com: "Re: PCAnywhere on a SBS Client though ISA."
- Previous message: Chris G.: "Email mailbox access w/o domain access"
- In reply to: Brad Pears: "account lockout policy issues..."
- Next in thread: Brad Pears: "Re: account lockout policy issues..."
- Reply: Brad Pears: "Re: account lockout policy issues..."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
