Answered by:
Account Lockout Question

-
We have a 10 minute lock out policy for 3 incorrect passwords. We have a requirement for an application that the lock out be 30 minutes. Is there a way to group the machines for that application and apply a longer lockout for a user failing 3 password attempts on those machines? Or is the overall 10 minute policy the extent of what we can set?
Question
Answers
-
One policy per domain in pretty sure?
To configure anything else outside of the one per domain you need
AD DS Fine-Grained Password and Account Lockout
https://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx
- Edited by AlexAdkin Wednesday, July 15, 2015 7:23 PM
- Proposed as answer by Elaine JingModerator Monday, July 20, 2015 9:48 AM
- Marked as answer by Elaine JingModerator Wednesday, July 22, 2015 2:42 AM
-
> You can create a OU for this machines and move this computers in this> OU,then on GPMC,"select "block inheritance" for this OU,then create and> edit gpo for 30 min.finaly apply this OU.No, you cannot. These GPOs would only affect local accounts on thecomputers, not domain accounts...
Greetings/Grüße, Martin
Mal ein gutes Buch über GPOs lesen?
Good or bad GPOs? - my blog…
And if IT bothers me - coke bottle design refreshment (-:- Marked as answer by Elaine JingModerator Wednesday, July 22, 2015 2:42 AM
All replies
-
-
One policy per domain in pretty sure?
To configure anything else outside of the one per domain you need
AD DS Fine-Grained Password and Account Lockout
https://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx
- Edited by AlexAdkin Wednesday, July 15, 2015 7:23 PM
- Proposed as answer by Elaine JingModerator Monday, July 20, 2015 9:48 AM
- Marked as answer by Elaine JingModerator Wednesday, July 22, 2015 2:42 AM
-
> You can create a OU for this machines and move this computers in this> OU,then on GPMC,"select "block inheritance" for this OU,then create and> edit gpo for 30 min.finaly apply this OU.No, you cannot. These GPOs would only affect local accounts on thecomputers, not domain accounts...
Greetings/Grüße, Martin
Mal ein gutes Buch über GPOs lesen?
Good or bad GPOs? - my blog…
And if IT bothers me - coke bottle design refreshment (-:- Marked as answer by Elaine JingModerator Wednesday, July 22, 2015 2:42 AM