RE: Account Lockout Policy

From: Laura A. Robinson (larobins_at_bellatlantic.net)
Date: 10/20/05

    Date: Thu, 20 Oct 2005 17:13:43 -0400
    To: "'RAMI KHANFER'" <RAMI.KHANFER@mobilecom.jo>, "'Derick Anderson'" <danderson@vikus.com>, "'Shabbar Arsiwala'" <sarsiwala@obleness.org>, <focus-ms@securityfocus.com>
    
    

    The question referred to LOCAL accounts on the workstation. Putting a policy
    on an OU affects local accounts. It will work. I have tested it. :-)

    Laura

    > -----Original Message-----
    > From: RAMI KHANFER [mailto:RAMI.KHANFER@mobilecom.jo]
    > Sent: Thursday, October 20, 2005 1:49 PM
    > To: Derick Anderson; Shabbar Arsiwala; focus-ms@securityfocus.com
    > Subject: RE: Account Lockout Policy
    >
    >
    >
    > You cannot configure account policy on an OU; the only place
    > where you can configure account policy is at the domain level.
    >
    > Best Regards
    > Rami Khanfer
    >
    > MobileCom - IT Direction/ Infrastructure Department
    > Mobile + 962 777 801539
    > Email Rami.Khanfer@mobilecom.jo
    >
    > -----Original Message-----
    > From: Derick Anderson [mailto:danderson@vikus.com]
    > Sent: Thursday/October/2005 05:59 PM
    > To: Shabbar Arsiwala; focus-ms@securityfocus.com
    > Subject: RE: Account Lockout Policy
    >
    >
    >
    > > -----Original Message-----
    > > From: Shabbar Arsiwala [mailto:sarsiwala@obleness.org]
    > > Sent: Thursday, October 20, 2005 9:07 AM
    > > To: focus-ms@securityfocus.com
    > > Subject: Account Lockout Policy
    > >
    > > We have an account lockout policy set up for users on our domain Win
    > > 2K3 / Active Directory environment. 4 invalid attempts the account
    > > locks out / 30 mins the account is released. We would like to change
    > > this policy for one of the machines on our domain. This machine uses a
    > > local administrator account to log in.
    > >
    > > Is this possible ???
    > >
    > > Thanks,
    > > Shabbar
    >
    > It is possible to change the *local* machine account lockout
    > policy for a specific machine, but not the *domain* lockout
    > policy. To do this you need to put your *domain* password
    > policy in the Domain Controllers OU, create a separate OU for
    > this one machine, make a new policy with the desired lockout
    > settings, and link it to the single machine's OU. This will
    > only work for *local* accounts (such as MACHINE\Administrator), not
    > *domain* accounts (DOMAIN\Administrator).
    >
    > Derick Anderson
    >

    ---------------------------------------------------------------------------
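
Added example, not part of the original thread: a PowerShell check for the workstation discussed above that reads the lockout settings in effect for its local accounts and compares them with the values expected from the OU-linked policy. The sample export, the expected values and the function name Get-LockoutPolicy are constructed for illustration; -Live assumes an elevated session on the workstation.

```powershell
# Added example (not from the thread). Without -Live it parses a constructed sample.
param(
    [switch]$Live,  # export the real policy with secedit (needs an elevated session)
    # Constructed expected values; replace with the settings in the OU-linked GPO.
    [hashtable]$Expected = @{ LockoutBadCount = 10; ResetLockoutCount = 15; LockoutDuration = 15 }
)
# Constructed sample in the format "secedit /export" writes (threshold and duration echo the thread's 4 / 30).
$sample = @'
[System Access]
MinimumPasswordLength = 8
LockoutBadCount = 4
ResetLockoutCount = 30
LockoutDuration = 30
[Event Audit]
AuditLogonEvents = 3
'@ -split "`r?`n"

function Get-LockoutPolicy([string[]]$Lines) {
    $policy = @{}
    $inSection = $false
    foreach ($line in $Lines) {
        if ($line -match '^\s*\[(.+)\]\s*$') { $inSection = ($Matches[1] -eq 'System Access'); continue }
        if ($inSection -and $line -match '^\s*(LockoutBadCount|ResetLockoutCount|LockoutDuration)\s*=\s*(-?\d+)\s*$') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    # Threshold 0 or missing means lockout is disabled; the other two values do not apply then.
    if (-not $policy.ContainsKey('LockoutBadCount') -or $policy['LockoutBadCount'] -eq 0) {
        return @{ LockoutBadCount = 0 }
    }
    return $policy
}

if ($Live) {
    $cfg = Join-Path $env:TEMP 'lockout-check.inf'
    secedit.exe /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }
    $lines = Get-Content -LiteralPath $cfg
    Remove-Item -LiteralPath $cfg
} else { $lines = $sample }

$actual = Get-LockoutPolicy $lines
foreach ($key in 'LockoutBadCount', 'ResetLockoutCount', 'LockoutDuration') {
    if (-not $Expected.ContainsKey($key)) { continue }
    $status = if ($actual[$key] -eq $Expected[$key]) { 'OK' } else { 'MISMATCH' }
    '{0,-18} expected={1,-4} actual={2,-4} {3}' -f $key, $Expected[$key], $actual[$key], $status
}
```

With the constructed sample every row reports MISMATCH, which is what the workstation would show while it still carries the old 4 / 30 settings rather than the OU-linked values.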