No announcement yet.

Account Lockout Policy

  • Filter
  • Time
  • Show
Clear All
new posts

  • Account Lockout Policy

    I have TS's and computers that are joined to my domain. There are settings in computer configuration that are different than user configuration. I've never understood how to set a policy to a computer or TS when the policy that i need is located on the computer configuration.

    I'm trying to apply the policy in Computer Configuration>Windows Settings>Security Settings>Account Policies>Account Lockout Policy>Account Lockout Threshold to 3. This doesn't work on the computers. Not sure what i need to do.

    Also, I've read about loopback policy, and in this article from Microsoft, this is what it says.
    1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
    2. Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback Policy option.

    now when i type in mmc, Computer Configuration, Administrative>Templates>System>Group Policy, there is no Loopback Policy. From my understanding i can get some of the computer polices to apply to users.

    Any ideas


  • #2
    Firstly, the account lockout and password policies only apply with domain and local GPOs - you can set them in Site and OU ones, but they do not apply. If you need to have more granular policies, you can use security filtering (slow) or Fine Grained Password Policies - difficult depending on the operating system on your DCs

    Second, the loopback policy.
    Have a good read of and the follow up article. You should see it where you are looking - if not, change DC and recheck. You need to understand how loopback works and the two modes (merge or replace) before you can start using it.

    What is your domain FL and what OS are the DCs (and TSes)?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **