none
Interactive Logon: Account threshold for Server 2008R2

    Question

  • Windows 10 has been installed on the workstations and laptops. We enabled Bitlocker on the laptops; we want to use the Interactive Logon: Account Threshold, but want to do it through group policy. Is there a way to get this setting on Server 2008R2? We would like to use it so that it would enable Bitlocker to lock the drive down in case of theft/brute force attack... Thank you.
    Thursday, December 10, 2015 3:22 PM

Answers

  • > it anywhere: Computer Configuration>Windows Settings>Security
    > Settings>Local Policies>Security Options>Interactive Logon: Machine
    > account lockout threshold.
     
    Security settings are not part of ADM templates, but "hidden" somewhere
    in the registry. They can be updated through a newer version of
    sceregvl.inf - but I'd recommend to edit this setting on a newer OS instead.
     
    • Marked as answer by earkpr Tuesday, December 15, 2015 2:52 PM
    Tuesday, December 15, 2015 11:28 AM

All replies

  • Hi,

    If I understand correctly, you are talking about Interactive logon: Machine account lockout threshold policy.

    This policy is beginning with Windows Server 2012 and Windows 8

    Detail information about the policy is in:

    Interactive logon: Machine account lockout threshold

    https://technet.microsoft.com/en-us/library/jj966264.aspx?f=255&MSPPError=-2147217396

    You could update your existing policy templates with new Administrative Templates (.admx) (for example Administrative Templates for Windows 8). After upgrading template, you should be able to see the specific policy on Windows server 2008R2.

    Here is the download link: https://www.microsoft.com/en-us/download/details.aspx?id=43413

    If you have any questions , please feel free to contact us.


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, December 11, 2015 9:48 AM
    Moderator
  • Thank you for the feedback. I'll give this a try.
    Monday, December 14, 2015 2:24 PM
  • I updated our GPO (server 2008 R2) with the templates, and I do not see it anywhere: Computer Configuration>Windows Settings>Security Settings>Local Policies>Security Options>Interactive Logon: Machine account lockout threshold.
    Monday, December 14, 2015 4:26 PM
  • > it anywhere: Computer Configuration>Windows Settings>Security
    > Settings>Local Policies>Security Options>Interactive Logon: Machine
    > account lockout threshold.
     
    Security settings are not part of ADM templates, but "hidden" somewhere
    in the registry. They can be updated through a newer version of
    sceregvl.inf - but I'd recommend to edit this setting on a newer OS instead.
     
    • Marked as answer by earkpr Tuesday, December 15, 2015 2:52 PM
    Tuesday, December 15, 2015 11:28 AM
  • Thank you for the feedback. Have a good day.
    Tuesday, December 15, 2015 2:52 PM