Re: Account Lockout
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/20/04
- Next message: Steven L Umbach: "Re: Question regarding microsoft security policy"
- Previous message: Steven L Umbach: "Re: Login Domain"
- In reply to: Mehdi Amini: "Account Lockout"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 20 Apr 2004 16:39:59 GMT
Make sure you make the changes at the domain policy level, either at the default
domain policy or on the highest GPO in the list for the domain if you have more than
just the default domain GPO. In addition make sure that "block inheritance" is not
configured on the domain controller container. Running the "net accounts" command on
the domain controllers should display what the actual policy is. If you can not
resolve it, then you may have a replication problem within the domain possibly
relating to dns misconfiguration. Looking in Event Viewer on the domain controllers
will usually tell you that in addition to running dcdiag on one or more domain
controllers including the one you changed to policy on. Dcdiag and other extremely
helpful utilities are located on the install cdrom under the support/tools folder
where you have to run the setup there. --- Steve
"Mehdi Amini" <mehdi.amini@valueoptions.com> wrote in message
news:193901c426dc$038a9190$a301280a@phx.gbl...
> We have disabled our Account lockout policy but it becomes
> enabled after a few hours automatically. Has anyone seend
> this problem
- Next message: Steven L Umbach: "Re: Question regarding microsoft security policy"
- Previous message: Steven L Umbach: "Re: Login Domain"
- In reply to: Mehdi Amini: "Account Lockout"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
