RE: Account Lockout Policy
From: RAMI KHANFER (RAMI.KHANFER_at_mobilecom.jo)
Date: 10/20/05
- Previous message: Bates, Chris: "FW: Account Lockout Policy"
- Maybe in reply to: Shabbar Arsiwala: "Account Lockout Policy"
- Next in thread: Laura A. Robinson: "RE: Account Lockout Policy"
- Reply: Laura A. Robinson: "RE: Account Lockout Policy"
- Reply: Rasmus Rønlev: "Re: Account Lockout Policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 20 Oct 2005 19:48:31 +0200
To: "Derick Anderson" <danderson@vikus.com>, "Shabbar Arsiwala" <sarsiwala@obleness.org>, <focus-ms@securityfocus.com>
You cannot configure account policy on an OU; the only place where you can
configure account policy is at the domain level.
Best Regards
Rami Khanfer
MobileCom - IT Direction/ Infrastructure Department
Mobile + 962 777 801539
Email Rami.Khanfer@mobilecom.jo
-----Original Message-----
From: Derick Anderson [mailto:danderson@vikus.com]
Sent: Thursday/October/2005 05:59 PM
To: Shabbar Arsiwala; focus-ms@securityfocus.com
Subject: RE: Account Lockout Policy
> -----Original Message-----
> From: Shabbar Arsiwala [mailto:sarsiwala@obleness.org]
> Sent: Thursday, October 20, 2005 9:07 AM
> To: focus-ms@securityfocus.com
> Subject: Account Lockout Policy
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> We have an account lockout policy set up for users on our
> domain Win 2K3 / Active Directory environment. 4 invalid
> attempts the account locks out / 30 mins the account is
> released. We would like to change this policy for one of the
> machines on our domain. This machine uses a local
> administrator account to log in.
>
> Is this possible ???
>
> Thanks,
> Shabbar
It is possible to change the *local* machine account lockout policy for
a specific machine, but not the *domain* lockout policy. To do this you
need to put your *domain* password policy in the Domain Controllers OU,
create a separate OU for this one machine, make a new policy with the
desired lockout settings, and link it to the single machine's OU. This
will only work for *local* accounts (such as MACHINE\Administrator), not
*domain* accounts (DOMAIN\Administrator).
Derick Anderson
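
The thread turns on which lockout settings a single machine applies to its *local* accounts. The following is an added example, not part of any message in the thread: a PowerShell check, run on that machine, that exports its security policy with `secedit` and compares the lockout values with expected ones. The function name and the `$Expected` values (taken from the 4 attempts / 30 minutes in the original question) are assumptions to replace with your own.

```powershell
# Added example: read the lockout settings this machine holds for its LOCAL
# (SAM) accounts and compare them with the values you expect.
# Run from an elevated prompt on the member machine; secedit needs admin rights.
# The INF key names are not localized, unlike the output of "net accounts".

function Get-LocalLockoutPolicy {
    # Hypothetical helper name. Exports the security policy to a temp file
    # and returns the lockout-related keys from its [System Access] section.
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed ($LASTEXITCODE)" }

        $policy = @{}
        foreach ($line in Get-Content -Path $cfg) {
            # Lines look like: LockoutBadCount = 4
            if ($line -match '^\s*(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)') {
                $policy[$Matches[1]] = [int]$Matches[2]
            }
        }
        return $policy
    }
    finally {
        # The export contains policy details; do not leave it in %TEMP%.
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

# Assumed expectation: 4 invalid attempts, locked for 30 minutes.
$Expected = @{ LockoutBadCount = 4; LockoutDuration = 30 }

$actual = Get-LocalLockoutPolicy
foreach ($key in $Expected.Keys) {
    # A key can be absent from the export, e.g. when lockout is disabled.
    $value = if ($actual.ContainsKey($key)) { $actual[$key] } else { '<not set>' }
    [pscustomobject]@{
        Setting  = $key
        Expected = $Expected[$key]
        Actual   = $value
        Match    = ($value -eq $Expected[$key])
    }
}

if ($actual['LockoutBadCount'] -eq 0) {
    Write-Warning 'LockoutBadCount is 0: local accounts on this machine never lock out.'
}
```

Run `gpupdate /force` before the check if the machine was only just moved into the new OU, so that the export reflects the newly linked policy.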