none
Account Lockout Question

    Question

  • We have a 10 minute lock out policy for 3 incorrect passwords. We have a requirement for an application that the lock out be 30 minutes. Is there a way to group the machines for that application and apply a longer lockout for a user failing 3 password attempts on those machines? Or is the overall 10 minute policy the extent of what we can set?
    Wednesday, July 15, 2015 3:38 PM

Answers

  • One policy per domain in pretty sure?

    To configure anything else outside of the one per domain you need

    AD DS Fine-Grained Password and Account Lockout 

    https://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx


    Wednesday, July 15, 2015 7:22 PM
  • >   You can create a OU for this machines and move this computers in this
    > OU,then on GPMC,"select "block inheritance" for this OU,then create and
    > edit gpo for 30 min.finaly apply this OU.
     
    No, you cannot. These GPOs would only affect local accounts on the
    computers, not domain accounts...
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Thursday, July 16, 2015 1:12 PM

All replies

  • Hi

     You can create a OU for this machines and move this computers in this OU,then on GPMC,"select "block inheritance" for this OU,then create and edit gpo for 30 min.finaly apply this OU.

    Wednesday, July 15, 2015 4:50 PM
  • One policy per domain in pretty sure?

    To configure anything else outside of the one per domain you need

    AD DS Fine-Grained Password and Account Lockout 

    https://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx


    Wednesday, July 15, 2015 7:22 PM
  • >   You can create a OU for this machines and move this computers in this
    > OU,then on GPMC,"select "block inheritance" for this OU,then create and
    > edit gpo for 30 min.finaly apply this OU.
     
    No, you cannot. These GPOs would only affect local accounts on the
    computers, not domain accounts...
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Thursday, July 16, 2015 1:12 PM