Lockout Policy

R

Rob G

Hello

If I were to set a policy on a local machine that locked a user
out after 2 unsuccessful logon attempts, then set a policy at the
domain level to lock out the same user account after 3 invalid attempts
would this user now have 5 invalid attempts before being locked out?
(if they were trying to log onto the domain with their domain accout)

Thanks
 
G

Guest

No, the domain policys always overwrite local policies
(assuming they are propagating properly, which is a
different problem). Local polices are applied first, then
Site, then domain, then OU.

In your case the user would have 3 chances to log in and
then be locked out.

use GPRESULT in 2003 or XP to see what happens on a
specific machine+login
 
J

Jeremy@gilbarco

No, the domain policys always overwrite local policies
(assuming they are propagating properly, which is a
different problem). Local polices are applied first, then
Site, then domain, then OU.

In your case the user would have 3 chances to log in and
then be locked out.

use GPRESULT in 2003 or XP to see what happens on a
specific machine+login
 
R

Roberto Ruiz

No, the domain policy will overide the local policy, so you users wil be
locked out after 3 attempts at any machine.
Hope this helps,
Robert

Roberto Ruiz
Brainbench MVP for WinNT Workstation
http://www.brainbench.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Account Lockout Policy will not stop 2
Default Domain Policy override 1
Group policy, Item Account lockout duration 1
Account Lockout Problems 1
A policy to override the default domain policy? 5
Account Lockout Policy 7
Unable to change Windows 2000 Account Lockout Policy 1
Default domain policy 6

Top