Announcement

Collapse
No announcement yet.

local security policy account lockout settings greyed out

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • local security policy account lockout settings greyed out

    I have a system running server 2003 - it is a terminal server joined to a 2003 domain.

    On the DC I have set the lockout policy to lock out for 30 minutes after 3 failed login attempts.

    I understand that the terminal server will also have its own local lockout policy - IE if someone tries to log on locally, not to the domain.

    When I look on the terminal server under local security policy, the account lockout settings are greyed out, and they dont match any other policy - they are set to lock out for 10 minutes, after 50 failed login attempts.

    Is this mornal? How can I edit them?
    David Silvester
    Systems Administrator

  • #2
    Re: local security policy account lockout settings greyed out

    For the domain member computer, the local security policy is overwritten by the domain level Domain Group Policy. It should be greyed out when you browse it in the Local Policy, and it should technically show you the settings which were forced on the domain level. Anyway, it will be the same policy for the terminal users and local users on the your terminal server and rest of the servers in the domain.

    Comment


    • #3
      Re: local security policy account lockout settings greyed out

      Originally posted by tAnk View Post
      For the domain member computer, the local security policy is overwritten by the domain level Domain Group Policy. It should be greyed out when you browse it in the Local Policy, and it should technically show you the settings which were forced on the domain level. Anyway, it will be the same policy for the terminal users and local users on the your terminal server and rest of the servers in the domain.
      Thanks. I'm sure I tried 3 incorrect local logins on the TS and it did not lock me out. But maybe the policy had not yet been pushed through.


      I'll test it again in the morning.
      David Silvester
      Systems Administrator

      Comment


      • #4
        Re: local security policy account lockout settings greyed out

        The settings you see in the Local Security Policy are the ones in effect on the server, and they're greyed out because they're being configured by a GPO in the domain. You need to find out which GPO is configuring those settings. You can find this out by running GPRESULTS.

        Comment


        • #5
          Re: local security policy account lockout settings greyed out

          thanks guys. I ran gpresult /v on the TS and found that there was another GPO taking precedence over the one I had set. I changed it, ran a gpupdate and the settings took effect.
          David Silvester
          Systems Administrator

          Comment

          Working...
          X