Account lockout policy HELP

    Question

  • Hi guys,

    We have to enable an Account lockout policy on our domain,

    "Lockout after 5 unsuccessful logon attempts; reset count after 30 minutes".

     

    However, when we enable the above policy, we had user accounts being locked out for the following reasons:

    1.        User locked their computer instead of logging off
    2.        User has a screen saver with a password

     

    Is there a way of enabling this policy without user accounts being locked due to the reasons above?

    Thanks in advance.

    Wednesday, February 25, 2015 5:07 PM

All replies

  • >  1. User locked their computer instead of logging off
    >  2. User has a screen saver with a password
     
    Neither locking the computer nor using a pw protected screen saver locks
    an account. You should enable auditing for account lockout and then
    determine the source computer responsible for the lockout.
     
    In our environment, the main reasons are "forgotten" RDP sessions or
    tasks running with old passwords.
     

    Martin

    Fancy reading a GOOD book about GPOs?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Wednesday, February 25, 2015 5:43 PM
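
One way to carry out the step suggested in the reply above (audit lockouts, then find the source computer), as an added example that is not part of the original post. It assumes lockouts are recorded as Security event 4740 on a domain controller; the account names, host names and timestamps in the sample are constructed.

```powershell
# Added example: summarize account-lockout events (ID 4740) by locked account and source computer.
# Assumption: success auditing for "User Account Management" is enabled on the DCs, e.g.
#   auditpol /set /subcategory:"User Account Management" /success:enable

function ConvertFrom-LockoutEventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        # Collect the named EventData fields into a lookup table.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.InnerText }
        [pscustomobject]@{
            TimeCreated    = $evt.System.TimeCreated.SystemTime
            LockedAccount  = $data['TargetUserName']
            # In event 4740 the "Caller Computer Name" is stored in TargetDomainName.
            SourceComputer = $data['TargetDomainName']
        }
    }
}

# Constructed sample events, trimmed to the fields used above.
$template = "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><EventID>4740</EventID>" +
    "<TimeCreated SystemTime='{0}'/></System><EventData><Data Name='TargetUserName'>{1}</Data>" +
    "<Data Name='TargetDomainName'>{2}</Data></EventData></Event>"
$sample = @(
    ($template -f '2015-02-25T16:58:12Z', 'jdoe',   'RDS-HOST01'),
    ($template -f '2015-02-25T17:28:40Z', 'jdoe',   'RDS-HOST01'),
    ($template -f '2015-02-25T17:31:05Z', 'asmith', 'WKS-0042')
)

# Repeated lockouts from the same computer point at a stale session or stored credential there.
$sample | ConvertFrom-LockoutEventXml |
    Group-Object LockedAccount, SourceComputer |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Live use (requires the ActiveDirectory module and rights to read the DC Security log):
# Get-WinEvent -ComputerName (Get-ADDomain).PDCEmulator -FilterHashtable @{LogName='Security'; Id=4740} |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-LockoutEventXml
```

The computer that shows up most often for a given account is the place to look for the kind of causes mentioned in the reply: a disconnected RDP session or a task still running with an old password.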
  • Hi jumbi,

    Just check if Martin's suggestion can help you. If any update, please feel free to let us know.

    Best regards,

    Justin Gu


    Monday, March 02, 2015 6:43 AM
    Moderator
  • His suggestion didn't help, as what he is saying or suggesting is what is supposed to happen, but what is supposed to happen is not what is happening lol. Will build a lab and do some tests.
    Monday, March 02, 2015 1:08 PM