AD

[jaymehall]

Hello,

Is there any way in a Windows 2000 domain to have an account never lock out?

Thanks

 

[lhuegele]

It depends what you mean by lock out....ARe you talking about how on the account tab an account gets locked out when the password is typed in wrong too many times?

 

[jaymehall]

Yes - password entered incorrectly too many times.... can a person prevent the lock out from occurring?

 

[lhuegele]

Yes, I believe you can remove the "failed password lockout" settings in your global policy, or you can increase the number of failed attempts to a higher number, or you can lower the amount of time a user is locked out, etc.

We have a 15 minute lock-out for every 5 failed password attempts. We do this because of security reasons. Let's say someone is trying to hack into a user account, or someone has a virus or other malware that is trying to hack into someone's account. They get un-locked automatically after 15 minutes.

What are your global policy settings at, and do you have a lot of users that forget their password or something?

Good luck,

 

[jaymehall]

I just want to have this done for one user - not the other 300 + users.....The global policy seems to overwrite everything I try on an OU level. Even with blocked inheritance.

 

[acl03]

Password policies in 2003 domains are at the domain level. You can't set OU-specific password policies. I hear they are adding that feature in the next version of windows server.



Thanks,
Andrew