1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

disable account on invalid login

Discussion in 'Windows Security' started by David, Apr 28, 2009.

  1. David

    David Guest

    I have a windows 2003 server sp1 being used as a domain controller.

    Under the Default DC Security Settings/Account Policies/Account lockout policy

    I have 'account lockout threshold' set to 3 invalid login attempts
    and 'account lockout duration' is 30 min.

    Yet when there are 3 invalid attemtps the account is not disabled.

    Is there another setting somewhere that need attenion for the account
    to be disabled on invalid login attemps.

    thanks,
    David
     
    David, Apr 28, 2009
    #1
  3. Phil Wilson

    Phil Wilson Guest

    The DC is available right? It's not using cached credentials is it?
    Phil Wilson

    "David" <David@discussions.microsoft.com> wrote in message
    news:3CC8D11B-E63E-42C2-BC21-0C83149FD148@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
    >I have a windows 2003 server sp1 being used as a domain controller.
    >
    > Under the Default DC Security Settings/Account Policies/Account lockout
    > policy
    >
    > I have 'account lockout threshold' set to 3 invalid login attempts
    > and 'account lockout duration' is 30 min.
    >
    > Yet when there are 3 invalid attemtps the account is not disabled.
    >
    > Is there another setting somewhere that need attenion for the account
    > to be disabled on invalid login attemps.
    >
    > thanks,
    > David
    > <!--colorc--><!--/colorc-->
     
    Phil Wilson, Apr 28, 2009
    #2
  4. Mads Petersen

    Mads Petersen Guest

    "David" <David@discussions.microsoft.com> skrev i meddelelsen
    news:3CC8D11B-E63E-42C2-BC21-0C83149FD148@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
    > I have a windows 2003 server sp1 being used as a domain controller.
    >
    > Under the Default DC Security Settings/Account Policies/Account lockout
    > policy
    >
    > I have 'account lockout threshold' set to 3 invalid login attempts
    > and 'account lockout duration' is 30 min.
    >
    > Yet when there are 3 invalid attemtps the account is not disabled.
    >
    > Is there another setting somewhere that need attenion for the account
    > to be disabled on invalid login attemps.
    >
    > thanks,
    > David
    ><!--colorc--><!--/colorc-->

    did you test right after you edited the GPO?
    did you try to run a gpupdate /force before that?
     
    Mads Petersen, Apr 29, 2009
    #3

Share This Page