Account Lockout Threshold Not Working

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,
On my DC, in Domain Security Policy... In Windows
Settings, Security Settings, Account Policies, the
Account Lockout Threshold is set for 5 invalid attempts.
I set this myself about a year ago but never tested it.
Just found out from a user and proved it myself that the
lockout occurs at 3 bad attempts. Am I setting this in
the wrong place? Any help / much appreciated!
Thanks! -=gu=-
1 answer Last reply
More about account lockout threshold working
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Domain level is where that policy needs to be configured. You can run "net accounts"
    on a domain controller to see what the threshold is. What may have happened is that
    the operating system often interprets one bad logon attempt by the user as multiple
    logon failures. That is one reason why MS recommends 10 as the lockout threshold
    assuming users need to use reasonably secure passwords. The links below may be
    helpful. --- Steve

    http://www.microsoft.com/downloads/details.aspx?FamilyID=8c8e0d90-a13b-4977-a4fc-3e2b67e3748e&displaylang=en
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

    "-=gu=-" <anonymous@discussions.microsoft.com> wrote in message
    news:2096c01c45964$6ce4c470$a101280a@phx.gbl...
    > Hi,
    > On my DC, in Domain Security Policy... In Windows
    > Settings, Security Settings, Account Policies, the
    > Account Lockout Threshold is set for 5 invalid attempts.
    > I set this myself about a year ago but never tested it.
    > Just found out from a user and proved it myself that the
    > lockout occurs at 3 bad attempts. Am I setting this in
    > the wrong place? Any help / much appreciated!
    > Thanks! -=gu=-
Ask a new question

Read More

Security Microsoft Windows