Re: Account Lockout Duration catch 22?

From: Colin Nash [MVP] (
Date: 05/04/04

Date: Mon, 3 May 2004 22:18:17 -0400

Yep I believe that the built-in administrator will always be able to log in
at the console of a DC. I'm not sure if network access to it gets blocked
when the account is 'locked' (now I'm curious... can anyone confirm? :))

<Ben M. Schorr>; "MVP-OneNote" <bens@bogusaddress.mvp> wrote in message
> On 03 May 2004 12:56, "CG" wrote:
> >If I set Account Lockout Duration to 0 requiring an admin to unlock
> > What happens if all the admin accounts get locked? A malicious user,
> >password-guessing worm, or even an admin running a security scanner
> >that checks password of all the IDs in the domain, could do the trick.
> >Am I correct in thinking that if this happens in a root domain it would
> >be time to start over and completely rebuild?
> If I recall correctly the main administrator account can't be locked out.
> Yes, you can check the box, but it doesn?Tt actually do anything.
> --
> -Ben-
> Ben M. Schorr, MVP-OneNote
> OneNote FAQ:
> SchorrTech Blog: