none
Account Lockout Threshold not working

    Question

  • I have a default domain GPO linked to the root of my domain, and any changes I make to this GPO work as expected on the computers in my domain, from IE settings to virtually anything. My lockout policy within this same GPO, however, is an exception to this. I have changed the account lockout threshold from 3 to 5, and if I run gpresult and save the command output to a file I can see that indeed the policy is applying to that computer with 5 as the max limit. But if I proceed to type in a bad password the account still locks out at 3 tries.   Account lockout duration is 500 minutes and Reset counter is 500 minutes.  Users are getting locked out pretty frequently, which is why we're moving from 3 to 5.  Any ideas?
    • Edited by guest4576 Wednesday, May 6, 2015 7:53 PM
    Wednesday, May 6, 2015 7:48 PM

Answers

  • Hi,

    Thanks for posting here.

    Would you please run a gpresult /h xx.html  report and then post us?

    Or you can create a new group policy object to configuare the password policy and link it to the domain and enforce the GPO to have a test and then let me know the  result.

    Looking forward to your feedback.

    Best Regards,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by guest4576 Thursday, May 7, 2015 4:20 PM
    Thursday, May 7, 2015 7:37 AM
    Moderator

All replies

  • Hi,

    Thanks for posting here.

    Would you please run a gpresult /h xx.html  report and then post us?

    Or you can create a new group policy object to configuare the password policy and link it to the domain and enforce the GPO to have a test and then let me know the  result.

    Looking forward to your feedback.

    Best Regards,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by guest4576 Thursday, May 7, 2015 4:20 PM
    Thursday, May 7, 2015 7:37 AM
    Moderator
  • > account lockout threshold from 3 to 5, and if I run gpresult and save
     
    Run this gpresult on the PDC emulator - that's the only computer that
    applies password and account settings to domain accounts.
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Thursday, May 7, 2015 8:43 AM
  • Elaine,

    That worked.  I just created a new GPO, configured the lockout settings, and set the lockout settings in the previous GPO as not defined.  Thanks!

    Thursday, May 7, 2015 4:19 PM