Re: Account Policy NT 4

From: Vera Noest (Vera.Noest@remove-this.hem.utfors.se)
Date: 05/31/02 

From: "Vera Noest" <Vera.Noest@remove-this.hem.utfors.se>
Date: Fri, 31 May 2002 23:13:21 +0200

"Paul Adare" <padare@newsguy.com> skrev i meddelandet
news:MPG.175f218c6249aee5989720@msnews.microsoft.com...
> In article <#hEKAu1BCHA.1360@tkmsftngp05>, Vera.Noest@remove-
> this.hem.utfors.se says...
> > "Paul" <paul.bellefeuille@dyncorp.com> skrev i meddelandet
> > news:92df01c20748$5489ec40$9ae62ecf@tkmsftngxa02...
> > > How do I apply account lockout (users tries to login 3
> > > times with incorrect password and the account get locks)to
> > > 9 users and the 10th user this policy does not take affect?
> >
> > Account policies are applied domain-wide, you cannot have different
account
> > policies for different users within one domain. The build-in
administrator
> > account is excluded from some account policies, though.
> >
>
> While the above is mostly true (the part about the administrator account
> being excluded is not true) for Windows 2000 Group Policy, as per the
> subject, the poster is asking about System Polict in NT 4.
>
> Paul, you can use groups in NT 4 System Policy. Put all of the users you
> wanted affected by the policy into a group, and then apply the policy to
> the group.

It seems to me that you missed the *account lockout* part of the question.
Account lockout policies in NT 4.0 are *not* system policies that you set
with an .adm-template in system policy editor, account lockout policies are
defined in User Manager for Domains. Those are applied domain wide, and
exclude the build-in administrator account.

Vera Noest
MCSE, CCA
-----------------------------------------------------------
Email : Vera.Noest@remove-this.hem.utfors.se
               remove obvious antispammer
WWW : http://hem.fyristorg.com/vera
----------------------------------------------------------

Relevant Pages

  • Re: Password policy, no override
    ... DCs will ignore any password policies you set at the domain controller ... I would disagree with setting the password policy on the Default ... > account and not the Domain user account object). ...
    (microsoft.public.win2000.active_directory)
  • Re: Cannot edit "Log on as a service" and "Allow log on locally" policies on W2K3 server.
    ... I am installing a new version of a program on my W2K3 SP1 server and one of the requirements is to create a "local" user account and grant this account ... However when I go into the Local Security Policy editor/Security settings/Local Policies/User Rights Assignment, I do not get the option to add or edit. ... These two policies both have different icons showing so I'm not sure what that indicates but am sure it has to do with why I cannot make any changes there. ... drill down to those settings and it'll tell you which policy is applying to those settings. ...
    (microsoft.public.windows.server.general)
  • Re: Lock Account/Logoff Time-out
    ... the newer newsgroup for group policy is ... The policies you seem to be using is are not Account Policies ... these settings apply to network logins onto the server ...
    (microsoft.public.security)
  • Re: Password requirement
    ... > I have disabled the group policy, ... Account Policies for domain user ... I don't see why you should not be able to create useraccounts, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Password Policy for remote users
    ... Setting the "password never expires" flag will stop the password from ... to enforce multiple policies and assign them to users, groups, and OUs. ... accounts, and this or the highest priority GPO setting account policies ...
    (microsoft.public.security)