I'm using Windows 2000 Server as my DC. Also I'm running Exchange 2000 on a seperate server and have just installed a thrid Windows 2000 Server and promoted it to a DC as well for redundancey.
I have a group of users that only use email via Outlook Web Access (Exchange's version of webmail) accessing it through Internet Explorer. However, I don't want these users to login to the computers on the domain with their personal account. In fact, to restrict them from doing so, I have edited their user account to force them to only be able to login to the Exchange server for webmail (OWA). I did this by going into the properties of each of my users within Active Directory and clicking the "Account" tab. Then clicking the "Log On To..." button, I change the default setting of "All Computers" to "The Following Computers". I then add the name of my exchange server only. Now if a user tries to log into a workstation on our domain, they get prompted that they are restricted from doing so.
With that being said, I now want to create a Group Policy for the OU that these users are a member of..specifically to setup Password Policy, Account Lockout Policy. I created a Group Policy and went into Computer Configuration->Windows Settings->Security Settings->Account Policy to make my appropriate changes.
Now, when I try to purposely lock an account out by logging into OWA, nothing happens. After typing in an incorrect password 3 times, the webpage simply states "Access is Denied". If I check the account I was using in AD, it does not state it's locked out. I'm wondering if the way I setup these accounts to only login to my Exchange server is affecting the GP settings I put in place.
Am I missing something simple here. Any help would be appreciated.
Chris
I have a group of users that only use email via Outlook Web Access (Exchange's version of webmail) accessing it through Internet Explorer. However, I don't want these users to login to the computers on the domain with their personal account. In fact, to restrict them from doing so, I have edited their user account to force them to only be able to login to the Exchange server for webmail (OWA). I did this by going into the properties of each of my users within Active Directory and clicking the "Account" tab. Then clicking the "Log On To..." button, I change the default setting of "All Computers" to "The Following Computers". I then add the name of my exchange server only. Now if a user tries to log into a workstation on our domain, they get prompted that they are restricted from doing so.
With that being said, I now want to create a Group Policy for the OU that these users are a member of..specifically to setup Password Policy, Account Lockout Policy. I created a Group Policy and went into Computer Configuration->Windows Settings->Security Settings->Account Policy to make my appropriate changes.
Now, when I try to purposely lock an account out by logging into OWA, nothing happens. After typing in an incorrect password 3 times, the webpage simply states "Access is Denied". If I check the account I was using in AD, it does not state it's locked out. I'm wondering if the way I setup these accounts to only login to my Exchange server is affecting the GP settings I put in place.
Am I missing something simple here. Any help would be appreciated.
Chris
