Update Policy rules via the domain's Default policy.
In the Group Policy Management Editor -->
Configuration --> Windows Settings --> Account Policies --> Account Lockout Policy.
Double click the Account lockout threshold entry in the right pane and put a check in the Define this policy setting checkbox.
Enter a value as the threshold. (e.g. 5 or 10). Click OK.
Note: When you click OK, the Account lockout duration and the Reset account lockout counter settings will be set. You can now change them from their defaults.
Account lockout duration
Specifies the number of minutes a locked out account will remain unavailable before a user can attempt to log back in.
Account lockout thresholdÂ
This setting determines the number of failed logon attempts before a lockout occurs.
Reset account lockout counter after
This is the length of time before the Account lockout threshold setting resets to zero.
In the Group Policy Management Console -->
Forest: mydomain.org --> Domains --> mydomain.org --> Default Domain Policy.
Right-click and choose Edit.
Want to create different policies?
Link to MS Password and Account Lockout Policy Guide:
http://technet.microsoft.com/en-us/library/cc770842.aspx
Link to MS whitepaper on account lockout best practices:
http://www.microsoft.com/downloads/details.aspx?FamilyID=8C8E0D90-A13B-4977-A4FC-3E2B67E3748E&displaylang=en
There is a bug in 2003 where a domain lockout would still allow OWA access. I don't know if this was ever fixed.
previous page
|