Re: Setting Account Lockout Policies with a NT PDC

From: H C (keydet89@yahoo.com)
Date: 07/26/02

• Previous message: Jim Lindsey: "RE: Setting Account Lockout Policies with a NT PDC"
• In reply to: Jason Radtke: "Setting Account Lockout Policies with a NT PDC"
• Next in thread: Jason Radtke: "Fw: Setting Account Lockout Policies with a NT PDC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 26 Jul 2002 14:55:39 -0700 (PDT)
From: H C <keydet89@yahoo.com>
To: Jason Radtke <crd427@hotmail.com>, focus-ms@securityfocus.com

Jason,

After reading through your post, I'm having some
trouble seeing where you're finding the difficulty,
exactly. When you connect the Win2K client to the the
NT PDC, you seem to be thinking that the settings for
the domain account will be ignored simply b/c the
client is Win2K. This is NOT the case.

If you want to set the account lockout policies for
the NT PDC, simply go to the PDC, open User Manager
for Domains, click Policies, then Accounts. Then set
your account lockout settings. Yes, this can also be
done via a variety of scripts.

Changing the local Admin passwords on the clients is
also pretty simple w/ a Perl script that uses the
Win32::Lanman module.

--- Jason Radtke <crd427@hotmail.com> wrote:
>
>
> I am looking for assistance in changing the account
> lockout policy
> settings for my end users.
>
> PDC is a Windows NT Server
> 80% workstations Windows 2000
> 20% workstations Windows NT4 (at the end of a
> migration stage to Windows
> 2000, so I am not worried as much about changing the
> policies on the nt4
> workstations)
>
> I came across a thread with a tool called
> "AccountPolicy 0.2" but it
> appeared to be for a complete Windows NT4
> environment
>
> I also read on a previous thread that you can change
> the workstation local
> admin passwords via a script. Is this able to be
> done with a NT Server to
> Windows 2000 workstations and if so can someone
> point me in the right
> direction.
>
> Thanks in Advance

__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com

---

• Previous message: Jim Lindsey: "RE: Setting Account Lockout Policies with a NT PDC"
• In reply to: Jason Radtke: "Setting Account Lockout Policies with a NT PDC"
• Next in thread: Jason Radtke: "Fw: Setting Account Lockout Policies with a NT PDC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Using EFS with Network Shares and SFU 3.5 ... It does not take EFS into account. ... could again use the sharing server audit logs to see if success ... Read extended attribute and Read data, since the NFS client may ... Windows and *nix clients. ... (microsoft.public.windows.server.security) NT4 to 2003 problem w/ Mandatory profiles ... just a single PDC and like 10 Windows XP clients. ... The Windows XP client machines are operator stations for a phone answering ... computer for their primary DNS and made sure that the mandatory profiles ... (microsoft.public.windows.server.migration) Re: Using one Username to login to TS ... The client purchased TS Device CALs ... user account until we found the problem. ... The biggest problem with this setup is profile corruption. ... Computer Configuration - Administrative templates - Windows ... (microsoft.public.windows.terminal_services) Re: W32Time Errors ... the time service is running on the Windows 2000 PDC and there are ... All of the client machines are using internal DNS, ... I setup a Windows 2000 Domain. ... Is the Time service running on the 2000 machine? ... (microsoft.public.windows.server.networking) Re: NT4 to 2003 problem w/ Mandatory profiles ... Alright I'm going onsite w/ the client in just a bit I'll give that a try. ... just a single PDC and like 10 Windows XP clients. ... new lockdown I implemented mandatory profiles. ... (microsoft.public.windows.server.migration)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)