Dear All,

In our network we have account lock out policy for our domain user (set it
up in Group Policy) , it defined as 3 invalid logon attempts and lockout
duration defined as 30 mins. Everything think works fine for local intranet
users, means anyone key in wrong password for 3 times it will lock the
account and it will get auto release after 30 mins.

My question is if any users try from outside local area network (via
internet) ie to access my intranet web servers thru ISA reverse proxy.
(Reverse proxy configured to allow only domain user to browse the intranet
web sites). And if they key in wrong password for more than 3 times there
account will get lock out and it never been released by itself!

This behavior creates lots of trouble to my overseas users. They need to
call Head Office system administrator to unlock their account.

Any idea to resolve the above issue?

Venkat

Try to move oversea users in other than intranet OU users.

"Tohelp" wrote:

> Dear All,
>
> In our network we have account lock out policy for our domain user (set it
> up in Group Policy) , it defined as 3 invalid logon attempts and lockout
> duration defined as 30 mins. Everything think works fine for local intranet
> users, means anyone key in wrong password for 3 times it will lock the
> account and it will get auto release after 30 mins.
>
> My question is if any users try from outside local area network (via
> internet) ie to access my intranet web servers thru ISA reverse proxy.
> (Reverse proxy configured to allow only domain user to browse the intranet
> web sites). And if they key in wrong password for more than 3 times there
> account will get lock out and it never been released by itself!
>
> This behavior creates lots of trouble to my overseas users. They need to
> call Head Office system administrator to unlock their account.
>
> Any idea to resolve the above issue?
>
> Venkat
>

Hi,

Thanks for your suggestion. But the situation is my auditor wants this
feature for all our corporate staffs(same lock out policy for all the staff,
who wants to login to the local intranet). And more over overseas staff are
not belong to one group; any for internal staff can go overseas randomly.

Thnak you once again

Venkat
"Asif Razzaq Attari" wrote:

> Try to move oversea users in other than intranet OU users.
>
> "Tohelp" wrote:
>
> > Dear All,
> >
> > In our network we have account lock out policy for our domain user (set it
> > up in Group Policy) , it defined as 3 invalid logon attempts and lockout
> > duration defined as 30 mins. Everything think works fine for local intranet
> > users, means anyone key in wrong password for 3 times it will lock the
> > account and it will get auto release after 30 mins.
> >
> > My question is if any users try from outside local area network (via
> > internet) ie to access my intranet web servers thru ISA reverse proxy.
> > (Reverse proxy configured to allow only domain user to browse the intranet
> > web sites). And if they key in wrong password for more than 3 times there
> > account will get lock out and it never been released by itself!
> >
> > This behavior creates lots of trouble to my overseas users. They need to
> > call Head Office system administrator to unlock their account.
> >
> > Any idea to resolve the above issue?
> >
> > Venkat
> >