Re: Strong passwords and user locking?

There's not a lot to test. The user's password will not be affected until it
expires, or you set it to be changed at next logon, so you can introduce it
that way and change it back if you don't like it.
Anthony,
http://www.airdesk.co.uk



"Linn Kubler" <lkubler@xxxxxxxxxxxxxxxxxx> wrote in message
news:e%23XfYUJeIHA.5996@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for the help Anthony. But man, that means it's all or nothing, I
can't even test this before forcing it on everyone? I don't like that a
bit.

Thanks,
Linn

"Anthony [MVP]" <anthony@xxxxxxxxxxxx> wrote in message
news:OqjNu4EeIHA.5552@xxxxxxxxxxxxxxxxxxxxxxx
You need to set the account policy in the root of the domain.
There's a good article about it here:
http://technet2.microsoft.com/windowsserver/en/library/cda0eee3-a52e-4c1b-a9d7-0c70f122ada91033.mspx?mfr=true
and here:
http://technet2.microsoft.com/windowsserver/en/library/b04678d1-510f-48d3-8d10-dce2e61972d71033.mspx?mfr=true
Hope that helps,
Anthony
http://www.airdesk.co.uk


"Linn Kubler" <lkubler@xxxxxxxxxxxxxxxxxx> wrote in message
news:%23EbkLlAeIHA.5548@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I've been asked to force our users to use strong passwords with user
lockouts after a number of wrong attempts. So I started small and setup
a new OU and created a test user in it. I then created a goup policy,
associated it to my new OU and set the Account Lockout Threshold to 3,
which in turn set the duration and Reset Account Lockout Counter After
to 30 minutes. The policy is linked to my OU and I'm filtering on
Domain Users.

Now when I look at the settings of my group policy it doesn't show my
lockout settings and when I login as the test user it doesn't show this
policy in GPResults I've done a GPUPDATE but that didn't help. So what
am I missing? I suspect it's something obvious but I'm stumped once
again.

Thanks in advance,
Linn







.

Relevant Pages

  • RE: Event ID 537 and Kerberos
    ... a logon type of 3 translates to Network. ... Click Services tab and select Hide All Microsoft Services and Disable ... Step 4: Configure account lockout policy. ... and then click Account Lockout Policy. ...
    (microsoft.public.windows.server.sbs)
  • Re: GPO causing client security logs to fill?
    ... titled "Client Logon Failure". ... This was done in the Group Policy ... So basically, the Account lockout threshold, account lockout duration ... When you do clean boot on the client computer, ...
    (microsoft.public.windows.server.sbs)
  • Re: GPO causing client security logs to fill?
    ... titled "Client Logon Failure". ... This was done in the Group Policy ... So basically, the Account lockout threshold, account lockout duration ... When you do clean boot on the client computer, ...
    (microsoft.public.windows.server.sbs)
  • RE: Event ID 537
    ... the virus Banker.BSX will open port 1106. ... Step 2: Configure account lockout policy. ... and then click Account Lockout Policy. ... Click Services tab and select Hide All Microsoft Services and Disable ...
    (microsoft.public.windows.server.sbs)
  • Re: GPO causing client security logs to fill?
    ... Enabled Small Business Server Remote Assistance Policy No ... Default Domain Controller policy should not be linked to the domain ... thread titled "Client Logon Failure". ... So basically, the Account lockout threshold, account lockout ...
    (microsoft.public.windows.server.sbs)