Locked Out Account Unlocks after reboot

Archived from groups: microsoft.public.win2000.security (More info?)

I have the account lockout policy set so that only an admin can reset a
locked out account after 5 failed login attempts. This should stay true even
after a reboot but does not. It allows that same user to try to login after
the machine is rebooted. Is there a way to hold this lockout policy even
after the machine has a hard reset?
2 answers Last reply
More about locked account unlocks reboot
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Why are you even using a lockout policy? Account lockouts are
    wonderful attack tools: users can denial-of-service themselves out of
    their own accounts, attackers can DoS entire domains.

    Account lockout is a security best practice hold-over from the old
    days. Now, it just creates more work for your admins and expense for
    your company. If you're afraid of password-guessing attacks, then your
    passwords aren't strong enough. Enable strong passwords and you can
    eliminate password lockouts, thus saving yourself money and time and
    freeing up your admins to work on more important things.

    Steve Riley
    steriley@microsoft.com


    "an1076" <an1076@discussions.microsoft.com> wrote in message
    news:759B67C9-6E50-4DBC-801A-296E264DA8A9@microsoft.com...
    >I have the account lockout policy set so that only an admin can reset
    >a
    > locked out account after 5 failed login attempts. This should stay
    > true even
    > after a reboot but does not. It allows that same user to try to
    > login after
    > the machine is rebooted. Is there a way to hold this lockout policy
    > even
    > after the machine has a hard reset?
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    This is for a testing machine in a lab that needs to meet security criteria
    to hold classified material. It is a local computer off the network. We are a
    small company and there will only be a few users with access to that computer
    anyways. So I am using lockout policy due to Department of Defense
    requirements. Without this we can not sell classified products.

    I have figured out what was happening but still need a solution. After the
    5th attempt and the logon screen goes gray there is about a minute before the
    account actually gets locked out and the message comes up saying that the
    account is locked and that an administrator must unlock it. It was in that
    minute that I was ressetting the machine by pressing the power button. Is
    there a way to make the lockout immediate or minimize this pause?

    Thank you again,
    Sean


    "Steve Riley [MSFT]" wrote:

    > Why are you even using a lockout policy? Account lockouts are
    > wonderful attack tools: users can denial-of-service themselves out of
    > their own accounts, attackers can DoS entire domains.
    >
    > Account lockout is a security best practice hold-over from the old
    > days. Now, it just creates more work for your admins and expense for
    > your company. If you're afraid of password-guessing attacks, then your
    > passwords aren't strong enough. Enable strong passwords and you can
    > eliminate password lockouts, thus saving yourself money and time and
    > freeing up your admins to work on more important things.
    >
    > Steve Riley
    > steriley@microsoft.com
    >
    >
    >
    > "an1076" <an1076@discussions.microsoft.com> wrote in message
    > news:759B67C9-6E50-4DBC-801A-296E264DA8A9@microsoft.com...
    > >I have the account lockout policy set so that only an admin can reset
    > >a
    > > locked out account after 5 failed login attempts. This should stay
    > > true even
    > > after a reboot but does not. It allows that same user to try to
    > > login after
    > > the machine is rebooted. Is there a way to hold this lockout policy
    > > even
    > > after the machine has a hard reset?
    > >
    > >
    >
    >
    >
Ask a new question

Read More

Policy Login Windows