Re: Strong passwords and user locking?

OK, I hope it goes well,
Anthony


"Linn Kubler" <lkubler@xxxxxxxxxxxxxxxxxx> wrote in message
news:eLZxYoJeIHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
You are right, not a lot to test on this side. However I did sort of want
to play around with scripting to give my managers a real easy way to reset
passwords and unlock users. That's the kind of testing I had in mind.

Thanks,
Linn

"Anthony [MVP]" <anthony@xxxxxxxxxxxx> wrote in message
news:uUGDQfJeIHA.5400@xxxxxxxxxxxxxxxxxxxxxxx
There's not a lot to test. The user's password will not be affected until
it expires, or you set it to be changed at next logon, so you can
introduce it that way and change it back if you don't like it.
Anthony,
http://www.airdesk.co.uk



"Linn Kubler" <lkubler@xxxxxxxxxxxxxxxxxx> wrote in message
news:e%23XfYUJeIHA.5996@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for the help Anthony. But man, that means it's all or nothing, I
can't even test this before forcing it on everyone? I don't like that a
bit.

Thanks,
Linn

"Anthony [MVP]" <anthony@xxxxxxxxxxxx> wrote in message
news:OqjNu4EeIHA.5552@xxxxxxxxxxxxxxxxxxxxxxx
You need to set the account policy in the root of the domain.
There's a good article about it here:
http://technet2.microsoft.com/windowsserver/en/library/cda0eee3-a52e-4c1b-a9d7-0c70f122ada91033.mspx?mfr=true
and here:
http://technet2.microsoft.com/windowsserver/en/library/b04678d1-510f-48d3-8d10-dce2e61972d71033.mspx?mfr=true
Hope that helps,
Anthony
http://www.airdesk.co.uk


"Linn Kubler" <lkubler@xxxxxxxxxxxxxxxxxx> wrote in message
news:%23EbkLlAeIHA.5548@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I've been asked to force our users to use strong passwords with user
lockouts after a number of wrong attempts. So I started small and
setup a new OU and created a test user in it. I then created a goup
policy, associated it to my new OU and set the Account Lockout
Threshold to 3, which in turn set the duration and Reset Account
Lockout Counter After to 30 minutes. The policy is linked to my OU
and I'm filtering on Domain Users.

Now when I look at the settings of my group policy it doesn't show my
lockout settings and when I login as the test user it doesn't show
this policy in GPResults I've done a GPUPDATE but that didn't help.
So what am I missing? I suspect it's something obvious but I'm
stumped once again.

Thanks in advance,
Linn











.

Relevant Pages

  • Re: 3 Strikes Your Out Password Policy
    ... Local Computer Policy -> Computer Configuration -> ... however it doesn't automatically set it to good ... username is logging on - resetting the passwords for the guesser. ... is there a way to reset the counter ...
    (Focus-Microsoft)
  • Re: Hacking Terminal Services
    ... As for passwords, people have at least 6 characters. ... lockout attempts set at 3 times with a auto reset of 30 min. ... Additionally I use group policy to prevent ... >> and when the close the program, the session closes as well. ...
    (microsoft.public.windows.terminal_services)
  • User Account
    ... The policy for passwords has a ... lockout after 3 tries. ... Why would it keep locking him out? ...
    (microsoft.public.security)
  • Re: FOR A SKILLED IT EXPERT - WIN2K SERVER - DOMAIN CONTROLLER
    ... So then the policy is disallowing all login by all users at all machines? ... boots up on cached profile only) The interactive logon problem has applied ... manual security reset. ... If you had not tried the reset we could have pulled you out of this, ...
    (microsoft.public.win2000.security)
  • Re: Locking down database accounts
    ... Personally it sounds to me that your company has established a policy and is ... But bottom line if you have to use SQL Server logins and passwords, ... Whether it's an encrypted flat file or an encrypted XML file, ...
    (microsoft.public.sqlserver.security)