Re: Reset account lockout counter after

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/18/05


Date: Mon, 18 Apr 2005 14:43:11 -0500

I believe you can set it to whatever you want if the lockout duration is 0.
FYI MS recommends that lockout threshold be no less than ten bad attempts.
Account lockout is a dual edge sword that can result in DOS attacks against
your users. Unless required by external policy, many places are not using
account lockout if they are enforcing strong passwords or better yet pass
phrases. --- Steve

"Nhut Minh Tran" <Nhut Minh Tran@discussions.microsoft.com> wrote in message
news:3E6F72DC-6868-405D-A80D-1A2C2285A6CB@microsoft.com...
> Our default domain account lockout policy is set like this:
>
> Lockout Duration = 0 (I want Aministrator manually unlock)
> Lockout Threshold = 4
> Reset Counter After = ???
>
> Microsoft say about Reset account lockout counter after:
> If an account lockout threshold is defined, this reset time must be less
> than or equal to the Account lockout duration. So how can I set Reset
> Counter
> After <= Lockout Duration???
>
> Thanks,
>
> Nhut
>
>
>
>



Relevant Pages

  • Re: Account lockout support in Solaris 10 when authenticating against Kerberos
    ... So your point is that the account lockout feature is really not part of Kerberos, but part of Solaris? ...
    (comp.protocols.kerberos)
  • Re: OU group policy and how to use ldapsearch to find GPO settings
    ... To find the default domain policy settings, ... If I configure the account lockout policy in the default domain policy, ...
    (microsoft.public.windows.group_policy)
  • Re: ADAM password
    ... Yes it can be used to check for acct lockout and pwd expiration. ... contains all the separate bits that are exposed via msDS-userAccountXXX ... > User_Account-Control to check for password contraints and account lockout, ... >> history requirement of the domain." ...
    (microsoft.public.windows.server.active_directory)
  • Re: Accounts getting locked out driving me mad
    ... Have you been looking at the Event Log on the dc's to try and determine ... but cannot find a decent application to troubleshoot my ... >> I used to have troubles with account lockout. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Please help me, it is highly Urgent.............
    ... You are in the right place with the lockout tools. ... Account lockout threshold = 5 invalid logon attempts ... found that subsequent wrong credentials are being passed by the end users ... Persistent drives may have been established ...
    (microsoft.public.windows.server.active_directory)