NT4 server lockout policy in win2k domain

C

--CS--

Hi

I have a win2k domain in win2k native mode. It has a domain lockout policy
to unlock accounts after being locked out for 5 minutes.

There is a NT4 member server with an account lockout policy to forever lock
an account until it is manually unlocked by an administrator.

I have 2 questions:
If I have a local account on the NT4 server and it gets locked out, would it
be unlocked in 5 minutes or stay unlocked forever?

Will the NT4 server apply the win2k domain GPO?

Thanks in advance
CS
 
P

ptwilliams

I would say yes if this were a Windows 2000/2003 box, but I've not tested
this. However, NT4 doesn't do GPO so no way.

I'll elaborate on the above point if I may...

You configure your security settings on a GPO linked to the domain, and the
DCs grab and process this. However, I would think it is also processed by
all valid (with apply permissions or within the scope) machines. However,
it's the DCs that are important because domain users and computers
authenticate with them.

If you try and filter this type of policy to a security group or link it to
a lower level container, you'll see that this is only applied to the local
computers, and thus the restrictions apply only to the local SAM.

So, without testing I would think that this applies to all applicable
machines (NT 5.x).

However, with regards to your question, without defining NT System Policies
there's no way this'll apply to the NT member.

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________
"--CS--" <not sure> wrote in message
Hi

I have a win2k domain in win2k native mode. It has a domain lockout policy
to unlock accounts after being locked out for 5 minutes.

There is a NT4 member server with an account lockout policy to forever lock
an account until it is manually unlocked by an administrator.

I have 2 questions:
If I have a local account on the NT4 server and it gets locked out, would it
be unlocked in 5 minutes or stay unlocked forever?

Will the NT4 server apply the win2k domain GPO?

Thanks in advance
CS
 
C

--CS--

Hi ptwilliams

That's what I was thinking but I needed some confirmation. Thanks for your
help :)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Account Lockout Problems 1
all accounts locked out !!! 4
Account lockout GPO 0
Account Lockout 1
NT4 Password Policy implementation 2
Group policy, Item Account lockout duration 1
Help on Account Lockout 5
Account lockout not happening 1

Top