Account lockout not happening




I have a win2k domain. Two DC's. I have my acct lockout set to 3 invalid
log in attempts. The strange thing is that it takes 20 attempts to log in
with a bad password before it locks it out. Using the account lockout tool I
can see that it waits until the bad PWD count is equal to 20. If I do ROSP on
the user and the machine it shows that it should lock after 3 attempts. If i
look at the default domain policy report it shows 3 attempts so I am lost..
Using the acctinfo dll file in AD users and comp and click on a user it shows
the differnet info then the default domain one. it shows the 20 bad pwd count
and has a differnet value for lockout periods as well.. Does this make any
sense to anyone?

What am I missing or doing wrong??

Any help would be appreicated..



Update. I created a new GPO strictly for the Password policy and it
replicates though. So not really sure what the problem is with the other one.
I enforced this one but there is nothing further down over writing the
original Domain Policy so I am at a loss but atleast have it working!

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question