Re: Account Lockout policy problem

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 09/10/04


Date: Fri, 10 Sep 2004 00:11:57 GMT

First off, I suggest you set the threshold to at least ten per Microsoft's
recommendations. Then enable auditing of "account logon events" and account
management in Domain Controller Security Policy. You can leave auditing enabled for
the domain but you will find most of the information in the domain controller
security logs, though you should find failed logons in the security log of the domain
computers for failed logons due to account lockouts. It is hard to say if you have a
security issue without knowing more. Generally, large amounts of failed logons to the
administrator account for the domain and local administrator accounts on domain
computers are a reason for concern, and note those accounts cannot be locked out by
default. See the links below and pay attention to how to use Event Comb to scan
multiple computers for specific events. --- Steve

http://www.microsoft.com/technet/security/guidance/secmod144.mspx
http://www.microsoft.com/technet/Security/topics/hardsys/tcg/tcgch02.mspx -- great
article on domain level policy recommendations.
http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx -- Microsoft
security guidance for small businesses.

"Benny" <Benny@discussions.microsoft.com> wrote in message
news:DD37E97B-37CF-4807-8059-1AB17AE3CF02@microsoft.com...
> I implemented an account lockout policy (5 invalid logons) for the domain's
> default policy. I noticed that user accounts on the domain always lock out. I
> enabled auditing for account logon events and object access but no events are
> logged when I look at security in Event Viewer. I decided to set the lockout
> policy to 'not defined' but users still lock out. Does my system have a
> security issue? How can I check and remedy this? I'm using Windows 2000
> Server SP4 and it is also a SQL 2000 server. Thanks for any help.
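
An added example, not part of the original posts and not Microsoft's tooling: once auditing is enabled, security-log events collected from several machines can be tallied per account to show where lockouts come from and whether administrator accounts are seeing repeated failures. The CSV column layout, host names and `admin_alert` threshold are assumptions made for this sketch; the event IDs are the Windows 2000 ones.

```python
import csv
import io
from collections import Counter, defaultdict

# Windows 2000 security-log event IDs relevant to lockout troubleshooting.
FAILED_LOGON_IDS = {529, 675, 681}   # bad password / Kerberos pre-auth failure / NTLM failure
LOCKOUT_ID = 644                     # user account locked out

# Constructed sample data. The column layout is an assumption for this example,
# not the output format of Event Comb or Event Viewer.
SAMPLE_CSV = """computer,event_id,account,source
DC1,675,jsmith,10.0.0.15
DC1,675,jsmith,10.0.0.15
DC1,675,jsmith,10.0.0.15
DC1,644,jsmith,WKS-015
DC2,681,Administrator,WKS-042
DC2,681,Administrator,WKS-042
SQL1,529,Administrator,WKS-042
DC1,540,mjones,WKS-007
"""

def summarize(csv_text, admin_names=("administrator",), admin_alert=3):
    """Tally failed logons and lockouts per account and list their sources."""
    report = defaultdict(lambda: {"failures": 0, "lockouts": 0, "sources": Counter()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        event_id = int(row["event_id"])
        if event_id not in FAILED_LOGON_IDS and event_id != LOCKOUT_ID:
            continue  # ignore successful logons and unrelated events
        entry = report[row["account"].lower()]
        if event_id == LOCKOUT_ID:
            entry["lockouts"] += 1
        else:
            entry["failures"] += 1
        entry["sources"][row["source"]] += 1
    # Administrator accounts are not locked out by default, so repeated failures
    # against them never produce a 644 event and need their own alert.
    alerts = sorted(name for name, e in report.items()
                    if name in admin_names and e["failures"] >= admin_alert)
    return dict(report), alerts

if __name__ == "__main__":
    report, alerts = summarize(SAMPLE_CSV)
    for account, entry in sorted(report.items()):
        print(account, entry["failures"], entry["lockouts"], dict(entry["sources"]))
    print("administrator accounts needing review:", alerts)
```

A single source repeated across many failures for one account usually points to a stale saved credential (a service, mapped drive or scheduled task) on that machine rather than an attack.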


