| Author |
Message |
Charlie Ting
Guest
|
 Posted:
Thu Nov 10, 2005 1:51 am Post subject:
Account locked out |
|
|
win2k domain environment. User get locked out after 5 incorrect login
attempts..
however; i checked domain policy..account lockout is not even configured.
any ideas where else in the configuration might be set up that way? |
|
| Back to top |
|
 |
70-297 exam format
Guest
|
| Posted:
Thu Nov 10, 2005 1:50 pm Post subject:
RE: Account locked out |
|
|
Check your local policies->Security Options->
Is any interactive logon policy is enabled which affects the logon user.
"Charlie Ting" wrote:
| Quote: | win2k domain environment. User get locked out after 5 incorrect login
attempts..
however; i checked domain policy..account lockout is not even configured.
any ideas where else in the configuration might be set up that way?
|
|
|
| Back to top |
|
|
Veets
Guest
|
| Posted:
Thu Nov 10, 2005 1:50 pm Post subject:
Re: Account locked out |
|
|
Do you have it configured on a specific OU somewhere?
Veets
"WhoC@nItbN0W" <WhoCnItbN0W@discussions.microsoft.com> wrote in message
news:59E186B9-BEFD-4BE4-8B67-51F58FEF03BF@microsoft.com...
| Quote: | maybe the local comp policy does this.
"Charlie Ting" wrote:
win2k domain environment. User get locked out after 5 incorrect login
attempts..
however; i checked domain policy..account lockout is not even configured.
any ideas where else in the configuration might be set up that way?
|
|
|
| Back to top |
|
|
Paul Williams [MVP]
Guest
|
| Posted:
Thu Nov 10, 2005 1:50 pm Post subject:
Re: Account locked out |
|
|
If these are domain users they are only going to be affected by the policy
linked at the domain level. Account policy is processed differently to
other policy - it is processed by the PDCe and written to the domain NC.
The other DCs read from the domain NC. Linking a GPO to anywhere else only
effects local accounts (on members within scope).
Check the attributes lockoutThreshold, lockoutDuration and
lockoutObservationWindow on the domain NC. If these have values, that is
what is being used in the domain.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net |
|
| Back to top |
|
|
70-297 exam format
Guest
|
| Posted:
Thu Nov 10, 2005 1:50 pm Post subject:
RE: Account locked out |
|
|
Also I think in w2k environment default Account lockout threshold is 5.Just
check the account policies ---->Account Lockout Policy-->
"Charlie Ting" wrote:
| Quote: | win2k domain environment. User get locked out after 5 incorrect login
attempts..
however; i checked domain policy..account lockout is not even configured.
any ideas where else in the configuration might be set up that way?
|
|
|
| Back to top |
|
|
70-297 exam format
Guest
|
| Posted:
Thu Nov 10, 2005 1:50 pm Post subject:
Re: Account locked out |
|
|
Hi Paul, could you tell me what the Domain NC stands for....pls
"Paul Williams [MVP]" wrote:
| Quote: | If these are domain users they are only going to be affected by the policy
linked at the domain level. Account policy is processed differently to
other policy - it is processed by the PDCe and written to the domain NC.
The other DCs read from the domain NC. Linking a GPO to anywhere else only
effects local accounts (on members within scope).
Check the attributes lockoutThreshold, lockoutDuration and
lockoutObservationWindow on the domain NC. If these have values, that is
what is being used in the domain.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
|
|
|
| Back to top |
|
|
WhoC@nItbN0W
Guest
|
| Posted:
Thu Nov 10, 2005 1:50 pm Post subject:
RE: Account locked out |
|
|
maybe the local comp policy does this.
"Charlie Ting" wrote:
| Quote: | win2k domain environment. User get locked out after 5 incorrect login
attempts..
however; i checked domain policy..account lockout is not even configured.
any ideas where else in the configuration might be set up that way?
|
|
|
| Back to top |
|
|
Paul Williams [MVP]
Guest
|
| Posted:
Thu Nov 10, 2005 5:51 pm Post subject:
Re: Account locked out |
|
|
Naming Context. AKA Partition.
AD is made up of partitions - naming contexts (NC) in LDAP speak . There's
a domain partition for each domain in the forest, configuration partition,
schema configuration and there can be application partitions.
All domain info. is held in the domain NC. Sites and services such as
exchange are stored in the configuration NC, as these apply to the forest.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net |
|
| Back to top |
|
|
Charlie Ting
Guest
|
| Posted:
Thu Nov 10, 2005 5:51 pm Post subject:
Re: Account locked out |
|
|
We don't have OU here.
"Veets" <Veets@h0tmail.com> wrote in message
news:uGXAhOf5FHA.632@TK2MSFTNGP10.phx.gbl...
| Quote: | Do you have it configured on a specific OU somewhere?
Veets
"WhoC@nItbN0W" <WhoCnItbN0W@discussions.microsoft.com> wrote in message
news:59E186B9-BEFD-4BE4-8B67-51F58FEF03BF@microsoft.com...
maybe the local comp policy does this.
"Charlie Ting" wrote:
win2k domain environment. User get locked out after 5 incorrect login
attempts..
however; i checked domain policy..account lockout is not even
configured.
any ideas where else in the configuration might be set up that way?
|
|
|
| Back to top |
|
|
Charlie Ting
Guest
|
| Posted:
Thu Nov 10, 2005 5:51 pm Post subject:
Re: Account locked out |
|
|
I checked that too.. not configured either there.
"WhoC@nItbN0W" <WhoCnItbN0W@discussions.microsoft.com> wrote in message
news:59E186B9-BEFD-4BE4-8B67-51F58FEF03BF@microsoft.com...
| Quote: | maybe the local comp policy does this.
"Charlie Ting" wrote:
win2k domain environment. User get locked out after 5 incorrect login
attempts..
however; i checked domain policy..account lockout is not even
configured.
any ideas where else in the configuration might be set up that way?
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in