Re: account lockout policy issues...
From: Brad Pears (donotreply_at_notreal.com)
Date: 07/13/04
- Next message: Dave Nickason [SBS MVP]: "Re: account lockout policy issues..."
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "<< TUESDAY SECURITY PATCH DAY INFORMATION>>"
- In reply to: Dave Nickason [SBS MVP]: "Re: account lockout policy issues..."
- Next in thread: Dave Nickason [SBS MVP]: "Re: account lockout policy issues..."
- Reply: Dave Nickason [SBS MVP]: "Re: account lockout policy issues..."
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 13 Jul 2004 13:55:02 -0400
Ya, I forgot to mention, none of the workstations I checked had a local
policy set. Most people connect to the terminal server using older win98
machines anyway ...
Also, I like the idea of just setting a new polciy of 10 or higher but where
should the policy be set for an SBS machine... "domain policy" or "domain
controller policy"??? I'm confused on that one...
"Dave Nickason [SBS MVP]" <gwdibble@NOSPAM.frontiernet.net> wrote in message
news:%23E34lVPaEHA.3988@tk2msftngp13.phx.gbl...
> The only place you don't mention checking is the local security policy on
> the workstations. When you set a domain policy, it gets applied to the
> workstations. Then when you remove the domain policy, I'm not sure what's
> supposed to happen, but it's possible the workstations are still applying
> the old policy even though you've removed it from the domain security
> policy. If that's the case, you should be able to just remove or alter
the
> policy in the local security policies on each workstation.
>
> Another option might be to set a domain policy with a threshhold of 10 -
if
> that gets applied correctly, it should solve your problem. Or, post a
> question in the win2k server group (since unfortunately none of us SBS'ers
> seems to have a workable solution).
>
> You don't happen to have a free PSS call available by any chance? If I
had
> users getting locked out frequently over a period of days, I'd have to
make
> the phone call even if I had to pay for it, to keep the users from stoning
> me.
>
>
>
>
> "Brad Pears" <donotreply@notreal.com> wrote in message
> news:e61YpCDaEHA.2408@tk2msftngp13.phx.gbl...
> > We have a Windows 2000 Small Business Server and a member Windows 2000
> > server we are running terminal services in admin mode on.
> >
> > For some reason, we are getting account lockout issues. There is no
> > account
> > lockout "domain security policy" configured on the SBS server nor is
there
> > an account lockout configured under "domain controller security policy".
> > Also there also isn't an account lockout "local" policy configured on
the
> > Win2K Terminal Server. So, to the best of my knowledge, there isn't ANY
> > account lockout policy configured anywhere, yet we are getting a lockout
> > after 3 invalid atempts which is way too low of a value and is causing
> > issues.
> >
> > We do have a Group Policy(GP) configured on the terminal server OU
> > (organization unit) listed under "active directory users and groups" and
a
> > GP defined on the lighlevel domain (ourdomain.local) but NEITHER of
these
> > have account lockout configured!
> >
> > So, my question is, where the heck is the account lockout coming from?
> > Could
> > there be a registry setting that did not get changed?
> >
> > Thanks,
> >
> > Brad
> >
> >
>
>
- Next message: Dave Nickason [SBS MVP]: "Re: account lockout policy issues..."
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "<< TUESDAY SECURITY PATCH DAY INFORMATION>>"
- In reply to: Dave Nickason [SBS MVP]: "Re: account lockout policy issues..."
- Next in thread: Dave Nickason [SBS MVP]: "Re: account lockout policy issues..."
- Reply: Dave Nickason [SBS MVP]: "Re: account lockout policy issues..."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
